Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41903

    Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operator... Read more

    Affected Products : git git
    • EPSS Score: %18.28
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37890

    Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6... Read more

    • EPSS Score: %0.82
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34381

    Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, le... Read more

    Affected Products : bsafe_ssl-j bsafe_crypto-j
    • EPSS Score: %0.63
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33321

    Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Condit... Read more

    • EPSS Score: %0.58
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-32839

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app terminati... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %1.71
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-31692

    Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application ... Read more

    • EPSS Score: %6.71
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-30235

    A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)... Read more

    • EPSS Score: %0.34
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29022

    A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.... Read more

    Affected Products : openrazer
    • EPSS Score: %0.08
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-20892

    The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arb... Read more

    Affected Products : vcenter_server
    • EPSS Score: %0.58
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28357

    NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.... Read more

    Affected Products : nats-server
    • EPSS Score: %0.23
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24754

    PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (crede... Read more

    Affected Products : debian_linux pjsip
    • EPSS Score: %0.53
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24439

    All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible bec... Read more

    Affected Products : fedora debian_linux gitpython
    • EPSS Score: %69.55
    • Published: Dec. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23537

    PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown... Read more

    Affected Products : debian_linux pjsip
    • EPSS Score: %0.19
    • Published: Dec. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23468

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue.... Read more

    Affected Products : debian_linux xrdp
    • EPSS Score: %0.13
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22687

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %5.61
    • Published: Mar. 25, 2022
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-22167

    A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabl... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +18 more products
    • EPSS Score: %0.26
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21420

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network acce... Read more

    Affected Products : coherence
    • EPSS Score: %1.79
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1664

    Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that includ... Read more

    • EPSS Score: %0.48
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0839

    Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.... Read more

    Affected Products : liquibase sqlcl
    • EPSS Score: %0.12
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44231

    Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.... Read more

    • EPSS Score: %0.63
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results