Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2022-24884

    ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, ma... Read more

    Affected Products : fedora debian_linux ecdsautils
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-24803

    Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host ... Read more

    Affected Products : asciidoctor-include-ext
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-24816

    JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, ... Read more

    Affected Products : jai-ext
    • Actively Exploited
    • Published: Apr. 13, 2022
    • Modified: Feb. 18, 2025

  • 10.0

    HIGH
    CVE-2022-24720

    image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the att... Read more

    Affected Products : debian_linux image_processing
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-24422

    Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.... Read more

    Affected Products : idrac9
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0271

    The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "c... Read more

    Affected Products : openview_network_node_manager
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4235

    Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.... Read more

    Affected Products : helix_server helix_mobile_server
    • Published: Apr. 04, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2022-23660

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this sec... Read more

    Affected Products : clearpass_policy_manager
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-23657

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this sec... Read more

    Affected Products : clearpass_policy_manager
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-23812

    This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead ... Read more

    Affected Products : node-ipc
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-23221

    H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.... Read more

    • Published: Jan. 19, 2022
    • Modified: May. 05, 2025

  • 10.0

    HIGH
    CVE-2022-22832

    An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.... Read more

    Affected Products : tessa
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-22796

    Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.... Read more

    Affected Products : sysaid
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-22704

    The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.... Read more

    Affected Products : zabbix-agent2 alpine_linux
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-22587

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple... Read more

    Affected Products : macos iphone_os ipados
    • Actively Exploited
    • Published: Mar. 18, 2022
    • Modified: Feb. 28, 2025

  • 10.0

    CRITICAL
    CVE-2022-22536

    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's ... Read more

    • Actively Exploited
    • Published: Feb. 09, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    CRITICAL
    CVE-2022-22683

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • Published: Jul. 28, 2022
    • Modified: Jan. 14, 2025

  • 10.0

    CRITICAL
    CVE-2022-22486

    IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM ... Read more

    Affected Products : tivoli_workload_scheduler
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-22055

    The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the sys... Read more

    Affected Products : le-yan_dental_management_system
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-21898

    DirectX Graphics Kernel Remote Code Execution Vulnerability... Read more

    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results