Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-31618

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.... Read more

    Affected Products : virtual_gpu
    • EPSS Score: %0.13
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-7268

    MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the f... Read more

    Affected Products : linux_kernel mac_os_x sysinfo
    • EPSS Score: %0.06
    • Published: May. 21, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-3146

    A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the fil... Read more

    • EPSS Score: %0.01
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-3110

    An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-30775

    xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.... Read more

    Affected Products : xpdf
    • EPSS Score: %0.26
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-30673

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex... Read more

    Affected Products : macos windows indesign
    • EPSS Score: %0.04
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-30668

    Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows illustrator
    • EPSS Score: %2.04
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-29799

    A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-d... Read more

    Affected Products : windows_defender_for_endpoint
    • EPSS Score: %0.34
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2018-1002207

    mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vul... Read more

    Affected Products : archiver archiver
    • EPSS Score: %2.62
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15650

    Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are... Read more

    Affected Products : android firefox_esr
    • EPSS Score: %0.25
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15649

    Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffec... Read more

    Affected Products : android firefox_esr
    • EPSS Score: %0.24
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-28856

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex... Read more

    Affected Products : macos windows indesign
    • EPSS Score: %0.03
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-28855

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex... Read more

    Affected Products : macos windows indesign
    • EPSS Score: %0.03
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-28191

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.... Read more

    Affected Products : virtual_gpu
    • EPSS Score: %0.07
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-28190

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.... Read more

    Affected Products : gpu_display_driver
    • EPSS Score: %0.12
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-28189

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.... Read more

    Affected Products : gpu_display_driver
    • EPSS Score: %0.12
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-28187

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.... Read more

    Affected Products : gpu_display_driver
    • EPSS Score: %0.04
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-27938

    stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.... Read more

    Affected Products : libsixel
    • EPSS Score: %0.13
    • Published: Mar. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-27636

    On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.... Read more

    • EPSS Score: %0.23
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15104

    In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorre... Read more

    Affected Products : envoy
    • EPSS Score: %0.12
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results