Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-29078

    The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary... Read more

    Affected Products : ejs
    • EPSS Score: %93.46
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29023

    A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.... Read more

    Affected Products : openrazer
    • EPSS Score: %0.11
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28044

    Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.... Read more

    Affected Products : debian_linux irzip
    • EPSS Score: %0.24
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27518

    Unauthenticated remote arbitrary code execution ... Read more

    • Actively Exploited
    • EPSS Score: %9.82
    • Published: Dec. 13, 2022
    • Modified: Feb. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-26647

    A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versio... Read more

    • EPSS Score: %1.48
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26143

    The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic... Read more

    Affected Products : micollab mivoice_business_express
    • Actively Exploited
    • EPSS Score: %64.77
    • Published: Mar. 10, 2022
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-24990

    TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.... Read more

    • Actively Exploited
    • EPSS Score: %94.40
    • Published: Feb. 07, 2023
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-23852

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.... Read more

    • EPSS Score: %1.94
    • Published: Jan. 24, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-23457

    ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the ... Read more

    • EPSS Score: %0.20
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23085

    A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged pro... Read more

    Affected Products : freebsd
    • EPSS Score: %0.12
    • Published: Feb. 15, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2022-22720

    Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling... Read more

    • EPSS Score: %29.93
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21306

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker... Read more

    Affected Products : weblogic_server
    • EPSS Score: %36.54
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0691

    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.... Read more

    Affected Products : url-parse
    • EPSS Score: %0.11
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22824

    defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more

    • EPSS Score: %0.43
    • Published: Jan. 10, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2021-44906

    Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).... Read more

    Affected Products : minimist
    • EPSS Score: %1.13
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43301

    Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.... Read more

    Affected Products : debian_linux pjsip
    • EPSS Score: %0.41
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42761

    A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthen... Read more

    Affected Products : fortiweb
    • EPSS Score: %2.51
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44732

    Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.... Read more

    Affected Products : debian_linux mbed_tls
    • EPSS Score: %0.43
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43299

    Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.... Read more

    Affected Products : debian_linux pjsip
    • EPSS Score: %0.28
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41303

    Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.... Read more

    • EPSS Score: %61.81
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results