Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2022-26761

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos mac_os_x
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-25313

    In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.... Read more

    • Published: Feb. 18, 2022
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2020-12762

    json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.... Read more

    • Published: May. 09, 2020
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2019-15903

    In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.... Read more

    Affected Products : python libexpat
    • Published: Sep. 04, 2019
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2018-20843

    In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).... Read more

    • Published: Jun. 24, 2019
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-21309

    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 09, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-39479

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the expectation, on device unbind, is that hwmon will be release... Read more

    Affected Products : linux_kernel
    • Published: Jul. 05, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-39291

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncati... Read more

    Affected Products : linux_kernel
    • Published: Jun. 24, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-39277

    In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: arr... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-38667

    In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of the seco... Read more

    Affected Products : linux_kernel
    • Published: Jun. 24, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-38664

    In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initia... Read more

    Affected Products : linux_kernel
    • Published: Jun. 24, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-24332

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-22569

    Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.... Read more

    Affected Products : poscms
    • Published: Jan. 31, 2024
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26770

    An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privil... Read more

    Affected Products : macos mac_os_x
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26769

    A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileg... Read more

    Affected Products : macos mac_os_x
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26768

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-26767

    The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.... Read more

    Affected Products : macos
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-26766

    A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass si... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 4.7

    MEDIUM
    CVE-2022-26765

    A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authenti... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2021-38604

    In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.... Read more

    • Published: Aug. 12, 2021
    • Modified: May. 30, 2025
Showing 20 of 292769 Results