Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2023-32854

    In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALP... Read more

    Affected Products : android mt6835 mt6879 mt6886 mt6895 mt6985 mt8791t mt8797 mt6983 mt8321 +10 more products
    • EPSS Score: %0.03
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2023-32843

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +26 more products
    • EPSS Score: %1.19
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-21216

    In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-41138

    In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.... Read more

    Affected Products : zutty
    • EPSS Score: %0.19
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-40955

    In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially l... Read more

    Affected Products : inlong
    • EPSS Score: %3.66
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 9.1

    CRITICAL
    CVE-2022-38340

    Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.... Read more

    Affected Products : fme_server
    • EPSS Score: %0.34
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.2

    HIGH
    CVE-2022-37883

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the und... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.57
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-35196

    TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.... Read more

    Affected Products : testlink
    • EPSS Score: %0.10
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2022-34917

    A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryExcep... Read more

    Affected Products : kafka
    • EPSS Score: %0.06
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-28639

    A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) ... Read more

    • EPSS Score: %0.36
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-28638

    An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in... Read more

    • EPSS Score: %0.15
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-23695

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.35
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-23694

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.35
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-20148

    In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.... Read more

    Affected Products : logcheck
    • EPSS Score: %0.11
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2017-20147

    In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs whe... Read more

    Affected Products : smokeping
    • EPSS Score: %0.06
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2016-20015

    In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokepi... Read more

    Affected Products : smokeping
    • EPSS Score: %0.12
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 10.0

    HIGH
    CVE-2014-1776

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploit... Read more

    • Actively Exploited
    • EPSS Score: %78.23
    • Published: Apr. 27, 2014
    • Modified: May. 29, 2025

  • 9.9

    CRITICAL
    CVE-2025-46673

    NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 9.9

    CRITICAL
    CVE-2025-46674

    NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-31099

    Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.... Read more

    • Published: Apr. 01, 2024
    • Modified: May. 29, 2025
Showing 20 of 291750 Results