Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-35156

    Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..... Read more

    • EPSS Score: %0.08
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-21222

    The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse f... Read more

    Affected Products : css-what
    • EPSS Score: %0.21
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 8.5

    HIGH
    CVE-2025-30417

    There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful ex... Read more

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-30418

    There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation r... Read more

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-30419

    There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful e... Read more

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-30420

    There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful expl... Read more

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-30421

    There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code executio... Read more

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2024-36950

    In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-36941

    In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: May. 30, 2024
    • Modified: May. 20, 2025

  • 7.6

    HIGH
    CVE-2024-25652

    In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessi... Read more

    Affected Products : secret_server
    • Published: Mar. 14, 2024
    • Modified: May. 20, 2025

  • 7.7

    HIGH
    CVE-2024-21538

    Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a ver... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: May. 20, 2025

  • 2.0

    LOW
    CVE-2024-12014

    Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-52623

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 5... Read more

    Affected Products : linux_kernel
    • Published: Mar. 26, 2024
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-42717

    An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in ... Read more

    • EPSS Score: %0.06
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-41851

    A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerabil... Read more

    Affected Products : jt_open_toolkit simcenter_femap
    • EPSS Score: %0.08
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41385

    The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-html
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41384

    The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-domains
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41383

    The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-archives
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.2

    MEDIUM
    CVE-2022-41209

    SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be suscept... Read more

    Affected Products : customer_data_cloud
    • EPSS Score: %0.07
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-41206

    SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful explo... Read more

    • EPSS Score: %0.96
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
Showing 20 of 292522 Results