Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2020-28615

    Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more

    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-0768

    Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.... Read more

    Affected Products : goodtech_telnet_server
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0744

    The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PC... Read more

    Affected Products : ichain
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0735

    newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.... Read more

    Affected Products : newsscript
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2023-35078

    An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.... Read more

    Affected Products : endpoint_manager_mobile
    • Actively Exploited
    • Published: Jul. 25, 2023
    • Modified: Dec. 20, 2024

  • 10.0

    HIGH
    CVE-2005-0417

    Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a dupli... Read more

    Affected Products : db2_universal_database
    • Published: Apr. 27, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-28350

    Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.... Read more

    Affected Products : valhall_gpu_kernel_driver
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28348

    Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.... Read more

    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-27593

    An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions... Read more

    Affected Products : photo_station qts
    • Actively Exploited
    • Published: Sep. 08, 2022
    • Modified: Feb. 12, 2025

  • 10.0

    HIGH
    CVE-2022-26501

    Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).... Read more

    Affected Products : veeam_backup_\&_replication
    • Actively Exploited
    • Published: Mar. 17, 2022
    • Modified: Apr. 04, 2025

  • 10.0

    HIGH
    CVE-2005-0260

    Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.... Read more

    Affected Products : brightstor_arcserve_backup
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-24706

    In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, includin... Read more

    Affected Products : couchdb
    • Actively Exploited
    • Published: Apr. 26, 2022
    • Modified: Jan. 29, 2025

  • 10.0

    HIGH
    CVE-2022-24086

    Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary co... Read more

    Affected Products : magento commerce magento_commerce
    • Actively Exploited
    • Published: Feb. 16, 2022
    • Modified: Feb. 13, 2025

  • 10.0

    CRITICAL
    CVE-2022-23658

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this sec... Read more

    Affected Products : clearpass_policy_manager
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-23227

    NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it ... Read more

    Affected Products : nvrmini2_firmware nvrmini_2 nvrmini2
    • Actively Exploited
    • Published: Jan. 14, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    CRITICAL
    CVE-2022-22947

    In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that coul... Read more

    • Actively Exploited
    • Published: Mar. 03, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    HIGH
    CVE-2022-22586

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20749

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20712

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20699

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Actively Exploited
    • Published: Feb. 10, 2022
    • Modified: Mar. 13, 2025
Showing 20 of 293259 Results