Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NA
    CVE-2022-48802

    In the Linux kernel, the following vulnerability has been resolved: fs/proc: task_mmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP ...

    Affected Products: linux_kernel
    • Published: Jul. 16, 2024
    • Modified: May. 04, 2025
  • 9.8

    CRITICAL
    CVE-2025-22457

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution....

    • Actively Exploited
    • Published: Apr. 03, 2025
    • Modified: May. 03, 2025
  • 7.5

    HIGH
    CVE-2024-7409

    A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline....

    • Published: Aug. 05, 2024
    • Modified: May. 02, 2025
  • 8.2

    HIGH
    CVE-2024-3446

    A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest use...

    Affected Products: enterprise_linux
    • Published: Apr. 09, 2024
    • Modified: May. 02, 2025
  • 5.1

    MEDIUM
    CVE-2024-3219

    The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. Th...

    Affected Products: python
    • Published: Jul. 29, 2024
    • Modified: May. 02, 2025
  • 3.6

    LOW
    CVE-2024-37372

    The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases....

    Affected Products: node.js
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-27280

    A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may retu...

    Affected Products: ruby
    • Published: May. 14, 2024
    • Modified: May. 02, 2025
  • 4.0

    MEDIUM
    CVE-2023-28362

    The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Lo...

    Affected Products: actionpack
    • Published: Jan. 09, 2025
    • Modified: May. 02, 2025
  • 7.5

    HIGH
    CVE-2022-43222

    open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet....

    Affected Products: open5gs
    • EPSS Score: 0.08%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.5

    HIGH
    CVE-2022-43221

    open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet....

    Affected Products: open5gs
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2022-43985

    In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint....

    Affected Products: airflow
    • EPSS Score: 2.53%
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2022-43982

    In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument....

    Affected Products: airflow
    • EPSS Score: 4.97%
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025
  • 5.4

    MEDIUM
    CVE-2022-43670

    An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in ...

    Affected Products: sling_cms
    • EPSS Score: 0.18%
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43355

    Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service....

    Affected Products: sanitization_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43354

    Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request....

    Affected Products: sanitization_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43353

    Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order....

    Affected Products: sanitization_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43331

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php....

    Affected Products: canteen_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43330

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php....

    Affected Products: canteen_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43329

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php....

    Affected Products: canteen_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43328

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php....

    Affected Products: canteen_management_system
    • EPSS Score: 0.09%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
Showing 20 of 291162 Results