Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.9

    MEDIUM
    CVE-2022-0023

    An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to ...

    Affected Products : pan-os prisma_access
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024
  • 4.6

    MEDIUM
    CVE-2022-0022

    Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on...

    Affected Products : pan-os prisma_access
    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0021

    An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issu...

    Affected Products : windows globalprotect
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2022-0020

    A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will perform arbitrary actions in the Cortex XSOAR web interfac...

    Affected Products : cortex_xsoar
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0019

    An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other loca...

    Affected Products : linux_kernel globalprotect
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0018

    An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and macOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProt...

    Affected Products : macos windows globalprotect
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0017

    An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM priv...

    Affected Products : windows globalprotect
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0016

    An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect...

    Affected Products : macos windows globalprotect
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0015

    A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex ...

    Affected Products : cortex_xdr_agent
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2022-0014

    An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by...

    Affected Products : cortex_xdr_agent windows
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0013

    A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Co...

    Affected Products : cortex_xdr_agent windows
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0012

    An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service con...

    Affected Products : cortex_xdr_agent windows
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0011

    PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category lis...

    Affected Products : pan-os prisma_access
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0010

    Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account....

    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-4439

    In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(T...

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-4437

    A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the compo...

    Affected Products : lambda-middleware
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4436

    The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a...

    Affected Products : 3dprint_lite
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2021-4435

    An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways....

    Affected Products : yarn
    • Published: Feb. 04, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-4434

    The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server....

    Affected Products : social_warfare
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2021-4433

    A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Request Handler. The manipulation leads to denial of service. It is possible to launch the atta...

    Affected Products : sami_http_server
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294277 Results