Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-40189

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to ...

    • EPSS Score: 2.12%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 5.1

    MEDIUM
    CVE-2022-3500

    A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for t...

    Affected Products : enterprise_linux fedora keylime
    • EPSS Score: 0.02%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-39070

    There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

    • EPSS Score: 1.09%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-39067

    There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

    Affected Products : mf286r_firmware mf286r
    • EPSS Score: 0.25%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-39066

    There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

    Affected Products : mf286r_firmware mf286r
    • EPSS Score: 71.36%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 5.4

    MEDIUM
    CVE-2022-38724

    Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

    Affected Products : framework assets asset_admin
    • EPSS Score: 0.32%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-38649

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access t...

    • EPSS Score: 3.08%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 6.1

    MEDIUM
    CVE-2022-38462

    Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.

    Affected Products : framework
    • EPSS Score: 0.57%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 5.3

    MEDIUM
    CVE-2022-37774

    There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file ac...

    Affected Products : maarch_rm
    • EPSS Score: 0.24%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 8.4

    HIGH
    CVE-2022-37018

    A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

    • EPSS Score: 0.17%
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 7.8

    HIGH
    CVE-2022-1038

    A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

    • EPSS Score: 0.12%
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2021-3821

    A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

    Affected Products : futuresmart_5
    • EPSS Score: 1.23%
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 8.4

    HIGH
    CVE-2021-3661

    A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

    • EPSS Score: 1.49%
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2021-3437

    Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.

    • EPSS Score: 18.85%
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44201

    D-Link DIR823G 1.02B05 is vulnerable to Command Injection.

    Affected Products : dir-823g_firmware dir-823g
    • EPSS Score: 0.80%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44200

    Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44199

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44198

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44197

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44196

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025