Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2022-30673

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex...

    Affected Products : macos windows indesign
    • EPSS Score: %0.04
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33461

    iniparser v4.1 is vulnerable to a NULL pointer dereference in the function iniparser_getlongint, which does not check the return value of iniparser_getstring for NULL....

    Affected Products : iniparser
    • EPSS Score: %0.04
    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025
  • 5.5

    MEDIUM
    CVE-2020-15649

    Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffec...

    Affected Products : android firefox_esr
    • EPSS Score: %0.24
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-28855

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex...

    Affected Products : macos windows indesign
    • EPSS Score: %0.03
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33304

    A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials....

    Affected Products : forticlient
    • EPSS Score: %0.00
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33251

    When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946....

    Affected Products : linux_kernel akka_http
    • EPSS Score: %0.04
    • Published: May. 21, 2023
    • Modified: Jan. 31, 2025
  • 5.5

    MEDIUM
    CVE-2022-28191

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service....

    Affected Products : virtual_gpu
    • EPSS Score: %0.07
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33196

    Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. ...

    Affected Products : craft_cms
    • EPSS Score: %0.08
    • Published: May. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33202

    Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and P...

    • EPSS Score: %0.06
    • Published: Nov. 23, 2023
    • Modified: Aug. 18, 2025
  • 5.5

    MEDIUM
    CVE-2022-27135

    xpdf 4.03 has a heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary....

    Affected Products : xpdf
    • EPSS Score: %0.15
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-1505

    An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To expl...

    • EPSS Score: %1.17
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-1500

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request ...

    • EPSS Score: %1.96
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-26878

    drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed)....

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Mar. 11, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2023-33162

    Microsoft Excel Information Disclosure Vulnerability...

    • EPSS Score: %0.77
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33122

    A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Tea...

    Affected Products : jt2go teamcenter_visualization
    • EPSS Score: %0.09
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33111

    Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command....

    • Published: Apr. 01, 2024
    • Modified: Aug. 11, 2025
  • 5.5

    MEDIUM
    CVE-2022-26102

    Due to a missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if h...

    Affected Products : netweaver_application_server_abap
    • EPSS Score: %0.18
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-25484

    tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c....

    Affected Products : tcpreplay
    • EPSS Score: %0.13
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-25327

    The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that ...

    Affected Products : fscrypt
    • EPSS Score: %0.04
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33139

    Visual Studio Information Disclosure Vulnerability...

    • EPSS Score: %1.14
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292512 Results