Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-38934

    readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.... Read more

    Affected Products : toaruos
    • EPSS Score: %0.03
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 8.4

    HIGH
    CVE-2022-38932

    readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.... Read more

    Affected Products : toaruos
    • EPSS Score: %0.04
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-38335

    Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.49
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-36771

    IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.... Read more

    Affected Products : qradar_user_behavior_analytics
    • EPSS Score: %0.06
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 8.2

    HIGH
    CVE-2022-36448

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.06
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-32168

    Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.... Read more

    Affected Products : notepad\+\+
    • EPSS Score: %0.05
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2022-32166

    In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modifi... Read more

    Affected Products : debian_linux open_vswitch
    • EPSS Score: %0.64
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2022-2760

    In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.... Read more

    Affected Products : octopus_server
    • EPSS Score: %0.30
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-23716

    A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.... Read more

    Affected Products : elastic_cloud_enterprise
    • EPSS Score: %0.29
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-1270

    In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.... Read more

    Affected Products : debian_linux graphicsmagick
    • EPSS Score: %0.05
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 3.7

    LOW
    CVE-2021-43980

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18... Read more

    Affected Products : debian_linux tomcat
    • EPSS Score: %0.16
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2021-41433

    SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.... Read more

    • EPSS Score: %0.03
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27862

    Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).... Read more

    Affected Products : ieee_802.2 p802.1q
    • EPSS Score: %0.02
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27861

    Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)... Read more

    Affected Products : ieee_802.2 p802.1q
    • EPSS Score: %0.01
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27854

    Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.... Read more

    Affected Products : ieee_802.2 p802.1q
    • EPSS Score: %0.02
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.6

    MEDIUM
    CVE-2025-26091

    A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter whe... Read more

    Affected Products : team_password_manager
    • Published: Mar. 04, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-33072

    Improper access control in Azure allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: May. 08, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2024-44674

    D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.... Read more

    Affected Products : covr-2600r_firmware covr-2600r
    • Published: Oct. 07, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-47732

    Microsoft Dataverse Remote Code Execution Vulnerability... Read more

    Affected Products : dataverse
    • Published: May. 08, 2025
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2024-44589

    Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.... Read more

    Affected Products : dcs-960l_firmware dcs-960l
    • Published: Sep. 18, 2024
    • Modified: May. 21, 2025
Showing 20 of 292761 Results