Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2022-37906

    An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %0.19
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2022-37905

    Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating s... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.45
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2022-37904

    Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating s... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.25
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-37901

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-37899

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-37898

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-37897

    There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerab... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %1.28
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 9.1

    CRITICAL
    CVE-2022-37865

    With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the ... Read more

    Affected Products : ivy
    • EPSS Score: %0.35
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-37710

    Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypte... Read more

    Affected Products : eaglesoft
    • EPSS Score: %0.03
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-34822

    Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remot... Read more

    • EPSS Score: %7.22
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025

  • 8.1

    HIGH
    CVE-2022-33684

    The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man ... Read more

    Affected Products : pulsar
    • EPSS Score: %0.16
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025

  • 6.4

    MEDIUM
    CVE-2022-32609

    In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410.... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +22 more products
    • EPSS Score: %0.03
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025

  • 6.4

    MEDIUM
    CVE-2022-32608

    In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753.... Read more

    Affected Products : android mt6893 mt6895
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025

  • 6.7

    MEDIUM
    CVE-2022-32607

    In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS0720... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +39 more products
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025

  • 6.7

    MEDIUM
    CVE-2022-32605

    In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ... Read more

    Affected Products : android mt6879 mt6895 mt6983
    • EPSS Score: %0.01
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025

  • 6.7

    MEDIUM
    CVE-2022-32603

    In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ... Read more

    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-31691

    Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing... Read more

    • EPSS Score: %18.70
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025

  • 7.3

    HIGH
    CVE-2022-2904

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerabili... Read more

    Affected Products : gitlab
    • EPSS Score: %3.07
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-27585

    Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mecha... Read more

    Affected Products : sim1000_fx_firmware sim1000_fx
    • EPSS Score: %2.22
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025

  • 4.7

    MEDIUM
    CVE-2021-42205

    ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.... Read more

    Affected Products : elan_miniport_touchpad_driver
    • EPSS Score: %0.04
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025
Showing 20 of 291209 Results