Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2022-28855

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex... Read more

    Affected Products : macos windows indesign
    • EPSS Score: %0.03
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-28191

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.... Read more

    Affected Products : virtual_gpu
    • EPSS Score: %0.07
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-28190

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.... Read more

    Affected Products : gpu_display_driver
    • EPSS Score: %0.12
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-28189

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.... Read more

    Affected Products : gpu_display_driver
    • EPSS Score: %0.12
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-28187

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.... Read more

    Affected Products : gpu_display_driver
    • EPSS Score: %0.04
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-27938

    stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.... Read more

    Affected Products : libsixel
    • EPSS Score: %0.13
    • Published: Mar. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-27636

    On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.... Read more

    • EPSS Score: %0.23
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-15104

    In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorre... Read more

    Affected Products : envoy
    • EPSS Score: %0.12
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-27148

    GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.... Read more

    Affected Products : gpac
    • EPSS Score: %0.10
    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-27135

    xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.... Read more

    Affected Products : xpdf
    • EPSS Score: %0.15
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-1505

    An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To expl... Read more

    • EPSS Score: %1.17
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-1500

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request ... Read more

    • EPSS Score: %1.96
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-26878

    drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Mar. 11, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-26724

    An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.... Read more

    Affected Products : tvos
    • EPSS Score: %0.04
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-1485

    An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s... Read more

    • EPSS Score: %0.49
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-26712

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • EPSS Score: %0.39
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-26102

    Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if h... Read more

    Affected Products : netweaver_application_server_abap
    • EPSS Score: %0.18
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-6961

    An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amo... Read more

    Affected Products : apng2gif
    • EPSS Score: %0.14
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-25484

    tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.... Read more

    Affected Products : tcpreplay
    • EPSS Score: %0.13
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-25327

    The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that ... Read more

    Affected Products : fscrypt
    • EPSS Score: %0.04
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results