Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-46421

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. ... Read more

    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000120

    A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46293

    Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An at... Read more

    Affected Products : open_babel
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46337

    A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also all... Read more

    Affected Products : derby
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-46320

    The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-46294

    Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An at... Read more

    Affected Products : open_babel
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46366

    Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apa... Read more

    Affected Products : tapestry
    • Published: Dec. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46326

    Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2017-5005

    Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsi... Read more

    • Published: Jan. 02, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-46387

    ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.... Read more

    Affected Products : conemu cmder
    • Published: Mar. 28, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-46291

    Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An at... Read more

    Affected Products : open_babel
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46169

    Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a s... Read more

    Affected Products : cacti
    • Actively Exploited
    • Published: Dec. 05, 2022
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-46162

    discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin ... Read more

    Affected Products : discourse_bbcode
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46080

    Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.... Read more

    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46280

    A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file t... Read more

    Affected Products : open_babel
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8855

    Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware upda... Read more

    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45982

    thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.... Read more

    Affected Products : thinkphp
    • Published: Feb. 08, 2023
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45908

    In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.... Read more

    Affected Products : paddlepaddle
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45875

    Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack c... Read more

    Affected Products : dolphinscheduler
    • Published: Jan. 04, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-45810

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation f... Read more

    Affected Products : icegram_express
    • Published: Nov. 07, 2023
    • Modified: Feb. 19, 2025
Showing 20 of 292803 Results