Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-37235

    Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat...

    Affected Products : r7000_firmware r7000
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2022-37234

    Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.

    Affected Products : r7000_firmware r7000
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-36944

    Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase c...

    Affected Products : fedora scala scala-collection-compat
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 6.5

    MEDIUM
    CVE-2022-35024

    OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.

    Affected Products : otfcc
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2022-34026

    ICEcoder v8.1 allows attackers to execute a directory traversal.

    Affected Products : icecoder
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 5.9

    MEDIUM
    CVE-2022-33682

    TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication conn...

    Affected Products : pulsar
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 5.5

    MEDIUM
    CVE-2022-32849

    An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive...

    Affected Products : macos mac_os_x iphone_os tvos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2022-32814

    A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-31937

    Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.

    Affected Products : wnr2000v4_firmware wnr2000v4
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 8.2

    HIGH
    CVE-2022-29181

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or r...

    Affected Products : macos nokogiri
    • Published: May. 20, 2022
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-26112

    In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default fro...

    Affected Products : pinot
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2021-3187

    An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies ...

    • Published: Dec. 11, 2023
    • Modified: May. 27, 2025
  • 8.1

    HIGH
    CVE-2020-36604

    hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.

    Affected Products : hoek
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2018-16153

    An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

    Affected Products : opencast
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2015-8314

    The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

    Affected Products : devise
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025
  • 8.1

    HIGH
    CVE-2023-44857

    An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.

    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2025-24274

    An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-46631

    Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request.

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-46630

    Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request.

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2023-44854

    Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.

    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025