Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-31003

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can se... Read more

    Affected Products : debian_linux sofia-sip
    • EPSS Score: %4.37
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29958

    JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a bl... Read more

    • EPSS Score: %0.13
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29873

    A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM ... Read more

    • EPSS Score: %2.69
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28738

    A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.... Read more

    Affected Products : ruby
    • EPSS Score: %0.46
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24724

    cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption whe... Read more

    Affected Products : fedora cmark-gfm
    • EPSS Score: %4.19
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23303

    The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.... Read more

    Affected Products : fedora hostapd wpa_supplicant
    • EPSS Score: %0.33
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22822

    addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more

    • EPSS Score: %1.33
    • Published: Jan. 10, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-22817

    PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.... Read more

    Affected Products : debian_linux pillow
    • EPSS Score: %2.55
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22487

    An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability usin... Read more

    • EPSS Score: %0.21
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22012

    Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %7.14
    • Published: May. 10, 2022
    • Modified: Jan. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-0582

    Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora debian_linux wireshark
    • EPSS Score: %0.07
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45005

    Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.... Read more

    Affected Products : mujs
    • EPSS Score: %0.14
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44790

    A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issu... Read more

    • EPSS Score: %87.39
    • Published: Dec. 20, 2021
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2021-44529

    A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).... Read more

    • Actively Exploited
    • EPSS Score: %94.46
    • Published: Dec. 08, 2021
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2021-43925

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified ve... Read more

    • EPSS Score: %0.42
    • Published: Feb. 07, 2022
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-43616

    The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to ins... Read more

    • EPSS Score: %0.77
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42553

    A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated w... Read more

    Affected Products : stm32_mw_usb_host
    • EPSS Score: %0.21
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-37350

    Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %47.52
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37232

    A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.... Read more

    Affected Products : atomicparsley
    • EPSS Score: %0.59
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36366

    Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %10.90
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291641 Results