Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-32002

    The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x... Read more

    Affected Products : node.js
    • EPSS Score: %0.03
    • Published: Aug. 21, 2023
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-45615

    There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successf... Read more

    Affected Products : arubaos instantos
    • EPSS Score: %0.87
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30801

    All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use t... Read more

    Affected Products : qbittorrent
    • EPSS Score: %0.37
    • Published: Oct. 10, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-29531

    An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulne... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • EPSS Score: %0.95
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2023-29404

    The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#... Read more

    Affected Products : fedora go
    • EPSS Score: %0.08
    • Published: Jun. 08, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-29300

    Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not re... Read more

    Affected Products : coldfusion
    • Actively Exploited
    • EPSS Score: %92.91
    • Published: Jul. 12, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-28531

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.... Read more

    • EPSS Score: %0.10
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28324

    A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.... Read more

    Affected Products : endpoint_manager
    • EPSS Score: %78.60
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25178

    Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. ... Read more

    Affected Products : c300_firmware c300
    • EPSS Score: %0.89
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23363

    A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in... Read more

    Affected Products : qts
    • EPSS Score: %1.28
    • Published: Sep. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-20894

    The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading t... Read more

    Affected Products : vcenter_server
    • EPSS Score: %49.09
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-20893

    The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system tha... Read more

    Affected Products : vcenter_server
    • EPSS Score: %2.92
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48716

    In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix incorrect used of portid Mixer controls have the channel id in mixer->reg, which is not same as port id. port id should be derived from chan_info array. So fi... Read more

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-46680

    A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. ... Read more

    • EPSS Score: %0.12
    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45141

    Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the ... Read more

    Affected Products : samba
    • EPSS Score: %0.35
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-4399

    A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7... Read more

    Affected Products : nodau
    • EPSS Score: %0.05
    • Published: Dec. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43634

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from th... Read more

    Affected Products : netatalk
    • EPSS Score: %4.35
    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41639

    A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary c... Read more

    Affected Products : debian_linux openimageio
    • EPSS Score: %0.27
    • Published: Dec. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40300

    Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.... Read more

    • EPSS Score: %46.10
    • Published: Sep. 16, 2022
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-39379

    Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitr... Read more

    Affected Products : fedora fluentd
    • EPSS Score: %8.87
    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291335 Results