Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2022-24227

    A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.

    Affected Products: boltwire
    • EPSS Score: 3.28%
    • Published: Feb. 15, 2022
    • Modified: May. 05, 2025
  • 7.5

    HIGH
    CVE-2022-23990

    Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

    • EPSS Score: 3.52%
    • Published: Jan. 26, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-23852

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

    • EPSS Score: 1.94%
    • Published: Jan. 24, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-23808

    An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

    Affected Products: phpmyadmin
    • EPSS Score: 68.57%
    • Published: Jan. 22, 2022
    • Modified: May. 05, 2025
  • 9.9

    CRITICAL
    CVE-2022-23603

    iTunesRPC-Remastered is a Discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There ar...

    Affected Products: itunesrpc-remastered
    • EPSS Score: 0.37%
    • Published: Feb. 01, 2022
    • Modified: May. 05, 2025
  • 8.1

    HIGH
    CVE-2022-23602

    Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This ca...

    Affected Products: nimforum docutils
    • EPSS Score: 0.39%
    • Published: Feb. 01, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-23599

    Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a co...

    Affected Products: plone
    • EPSS Score: 0.23%
    • Published: Jan. 28, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-23597

    Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link...

    Affected Products: desktop
    • EPSS Score: 0.62%
    • Published: Feb. 01, 2022
    • Modified: May. 05, 2025
  • 7.5

    HIGH
    CVE-2022-23596

    Junrar is an open source Java RAR archive library. In affected versions a carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be...

    Affected Products: junrar
    • EPSS Score: 0.36%
    • Published: Feb. 01, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-23569

    TensorFlow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the...

    Affected Products: tensorflow
    • EPSS Score: 0.12%
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-23568

    TensorFlow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of ...

    Affected Products: tensorflow
    • EPSS Score: 0.30%
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-23567

    TensorFlow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `T...

    Affected Products: tensorflow
    • EPSS Score: 0.45%
    • Published: Feb. 03, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-23403

    Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

    Affected Products: data_center_manager
    • EPSS Score: 0.13%
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
  • 7.5

    HIGH
    CVE-2022-23308

    valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

    • EPSS Score: 0.05%
    • Published: Feb. 26, 2022
    • Modified: May. 05, 2025
  • 10.0

    HIGH
    CVE-2022-23221

    H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

    • EPSS Score: 27.50%
    • Published: Jan. 19, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-23219

    The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a...

    • EPSS Score: 0.40%
    • Published: Jan. 14, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-23218

    The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a ...

    • EPSS Score: 0.40%
    • Published: Jan. 14, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-23182

    Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

    Affected Products: data_center_manager
    • EPSS Score: 0.29%
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
  • 7.8

    HIGH
    CVE-2022-23095

    Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current proc...

    • EPSS Score: 0.64%
    • Published: Jan. 15, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-22967

    An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This aff...

    Affected Products: salt
    • EPSS Score: 0.44%
    • Published: Jun. 23, 2022
    • Modified: May. 05, 2025
Showing 20 of 291360 Results