Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40609

    IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execu... Read more

    Affected Products : sdk
    • EPSS Score: %0.09
    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2007-5775

    Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a... Read more

    • EPSS Score: %7.64
    • Published: Nov. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-36227

    In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 rema... Read more

    • EPSS Score: %0.43
    • Published: Nov. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3515

    A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a mal... Read more

    Affected Products : libksba gpg4win vs-desktop gnupg
    • EPSS Score: %0.13
    • Published: Jan. 12, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-33980

    Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.confi... Read more

    • EPSS Score: %87.66
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31813

    Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.... Read more

    • EPSS Score: %0.07
    • Published: Jun. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-31737

    A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.21
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-31031

    PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affect... Read more

    Affected Products : debian_linux pjsip
    • EPSS Score: %0.56
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46279

    Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.... Read more

    Affected Products : dubbo
    • EPSS Score: %1.12
    • Published: Dec. 15, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-28347

    A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection p... Read more

    Affected Products : debian_linux django
    • EPSS Score: %0.95
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18201

    An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.... Read more

    Affected Products : libcdio
    • EPSS Score: %0.71
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18187

    In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.... Read more

    Affected Products : debian_linux mbed_tls
    • EPSS Score: %0.59
    • Published: Feb. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1003041

    A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.... Read more

    • EPSS Score: %2.25
    • Published: Mar. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24786

    PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rps... Read more

    Affected Products : debian_linux pjsip pjsip
    • EPSS Score: %0.25
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23547

    PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a ... Read more

    Affected Products : pjsip pjsip
    • EPSS Score: %0.16
    • Published: Dec. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23521

    Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes... Read more

    Affected Products : git git
    • EPSS Score: %17.84
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21724

    pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pg... Read more

    • EPSS Score: %3.89
    • Published: Feb. 02, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-30809

    elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.... Read more

    Affected Products : elite_cms
    • EPSS Score: %0.25
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18370

    An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed dir... Read more

    • EPSS Score: %64.01
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results