Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-31865

    Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Use... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-31864

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 7.1

    HIGH
    CVE-2022-42327

    x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the... Read more

    Affected Products : fedora xen
    • EPSS Score: %0.01
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-42317

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.04
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-42316

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.04
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-31867

    Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommend... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-31868

    Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to ve... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-31866

    Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before ... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2025-31203

    An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-31202

    A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-30445

    A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause a... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-49959

    In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST reques... Read more

    Affected Products : profinet-inspektor_nt
    • Published: Feb. 26, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25730

    Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).... Read more

    • Published: Feb. 23, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44053

    The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s... Read more

    Affected Products : d8s-networking
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44052

    The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-dates
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44051

    The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.... Read more

    Affected Products : d8s-stats
    • EPSS Score: %0.14
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44050

    The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-networking
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44049

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-python
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44048

    The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.... Read more

    Affected Products : d8s-urls
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-43359

    Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file.... Read more

    Affected Products : gifdec
    • EPSS Score: %0.04
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
Showing 20 of 291255 Results