Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-3344

    A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 6.8

    MEDIUM
    CVE-2022-3018

    An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog ... Read more

    Affected Products : gitlab
    • EPSS Score: %0.09
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2022-39837

    An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointe... Read more

    Affected Products : diagnostic_log_and_trace
    • EPSS Score: %0.03
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2022-39836

    An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based ... Read more

    Affected Products : diagnostic_log_and_trace
    • EPSS Score: %0.03
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-38580

    Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).... Read more

    Affected Products : skipper
    • EPSS Score: %48.90
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-37915

    A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow a... Read more

    • EPSS Score: %1.95
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-37914

    Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain ad... Read more

    • EPSS Score: %0.43
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-37913

    Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain ad... Read more

    • EPSS Score: %0.32
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-37621

    Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js.... Read more

    Affected Products : browserify-shim
    • EPSS Score: %0.14
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2022-36368

    Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.... Read more

    Affected Products : ipfire
    • EPSS Score: %0.20
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2021-46850

    myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST re... Read more

    Affected Products : vesta_control_panel control_panel
    • EPSS Score: %18.77
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 9.1

    CRITICAL
    CVE-2021-46848

    GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.... Read more

    Affected Products : fedora debian_linux libtasn1
    • EPSS Score: %0.27
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 6.0

    MEDIUM
    CVE-2024-20282

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access t... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-20281

    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This v... Read more

    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 4.2

    MEDIUM
    CVE-2024-28162

    In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching f... Read more

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-28161

    In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.... Read more

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-51023

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-28160

    Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.... Read more

    Affected Products : icescrum
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-51024

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-51186

    D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • Published: Nov. 11, 2024
    • Modified: May. 07, 2025
Showing 20 of 291672 Results