Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-21793

    Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to ... Read more

    • EPSS Score: %0.16
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21741

    Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and ar... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.23
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-21740

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.41
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21739

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21738

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorF... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21737

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 7.6

    HIGH
    CVE-2022-21736

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDatase... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.25
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21735

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFl... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21734

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21733

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.23
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21731

    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` ... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.30
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 8.1

    HIGH
    CVE-2022-21730

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in Ten... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.30
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21729

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on Tenso... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 8.1

    HIGH
    CVE-2022-21728

    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim`... Read more

    Affected Products : tensorflow
    • EPSS Score: %1.12
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-21727

    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other posit... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.33
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-21726

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or a... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.30
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-21725

    Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add ... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.22
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-21724

    pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pg... Read more

    • EPSS Score: %3.89
    • Published: Feb. 02, 2022
    • Modified: May. 05, 2025

  • 4.9

    MEDIUM
    CVE-2022-21720

    GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `... Read more

    Affected Products : glpi
    • EPSS Score: %0.41
    • Published: Jan. 28, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-21719

    GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.... Read more

    Affected Products : glpi
    • EPSS Score: %0.31
    • Published: Jan. 28, 2022
    • Modified: May. 05, 2025
Showing 20 of 291255 Results