Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2022-36648

    The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. No... Read more

    Affected Products : qemu
    • EPSS Score: %0.99
    • Published: Aug. 22, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-5402

    Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."... Read more

    • EPSS Score: %18.77
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2022-36067

    vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulner... Read more

    Affected Products : vm2
    • EPSS Score: %86.89
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-35978

    Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session ... Read more

    Affected Products : minetest
    • EPSS Score: %12.46
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28350

    Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.... Read more

    Affected Products : valhall_gpu_kernel_driver
    • EPSS Score: %0.38
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28348

    Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.... Read more

    • EPSS Score: %0.41
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-9476

    In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • EPSS Score: %8.42
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-27593

    An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions... Read more

    Affected Products : photo_station qts
    • Actively Exploited
    • EPSS Score: %93.61
    • Published: Sep. 08, 2022
    • Modified: Feb. 12, 2025

  • 10.0

    CRITICAL
    CVE-2020-14871

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multip... Read more

    Affected Products : solaris solaris
    • Actively Exploited
    • EPSS Score: %89.80
    • Published: Oct. 21, 2020
    • Modified: Feb. 07, 2025

  • 10.0

    HIGH
    CVE-2022-26501

    Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).... Read more

    Affected Products : veeam_backup_\&_replication
    • Actively Exploited
    • EPSS Score: %84.66
    • Published: Mar. 17, 2022
    • Modified: Apr. 04, 2025

  • 10.0

    CRITICAL
    CVE-2022-24803

    Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host ... Read more

    Affected Products : asciidoctor-include-ext
    • EPSS Score: %1.31
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-24706

    In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, includin... Read more

    Affected Products : couchdb
    • Actively Exploited
    • EPSS Score: %94.39
    • Published: Apr. 26, 2022
    • Modified: Jan. 29, 2025

  • 10.0

    HIGH
    CVE-2022-24086

    Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary co... Read more

    Affected Products : magento commerce magento_commerce
    • Actively Exploited
    • EPSS Score: %90.15
    • Published: Feb. 16, 2022
    • Modified: Feb. 13, 2025

  • 10.0

    CRITICAL
    CVE-2022-23658

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this sec... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %2.11
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-23227

    NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it ... Read more

    Affected Products : nvrmini2_firmware nvrmini_2 nvrmini2
    • Actively Exploited
    • EPSS Score: %52.85
    • Published: Jan. 14, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    CRITICAL
    CVE-2022-22947

    In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that coul... Read more

    • Actively Exploited
    • EPSS Score: %94.46
    • Published: Mar. 03, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    HIGH
    CVE-2013-0872

    The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %1.43
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-22586

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.84
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-22536

    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's ... Read more

    • Actively Exploited
    • EPSS Score: %93.80
    • Published: Feb. 09, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    HIGH
    CVE-2009-1656

    Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulner... Read more

    Affected Products : workcentre
    • EPSS Score: %6.94
    • Published: May. 16, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291562 Results