Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2024-2905

    A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potent... Read more

    • Published: Apr. 25, 2024
    • Modified: May. 29, 2025

  • 4.3

    MEDIUM
    CVE-2022-32857

    This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privilege... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.03
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-32840

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: %0.08
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-32838

    A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.... Read more

    Affected Products : macos mac_os_x iphone_os ipados
    • EPSS Score: %0.06
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-32837

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : macos mac_os_x iphone_os tvos ipados
    • EPSS Score: %0.04
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-32834

    An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.06
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-32813

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execut... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.06
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-4483

    The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting... Read more

    Affected Products : email_encoder email_encoder
    • Published: Jul. 29, 2024
    • Modified: May. 29, 2025

  • 4.6

    MEDIUM
    CVE-2024-6362

    The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : ultimate_blocks
    • Published: Jul. 29, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-6223

    The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ... Read more

    • Published: Jul. 30, 2024
    • Modified: May. 29, 2025

  • 5.9

    MEDIUM
    CVE-2024-6224

    The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF atta... Read more

    • Published: Jul. 30, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-1747

    The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Sto... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-2843

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-3983

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 8.0

    HIGH
    CVE-2024-46328

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: May. 29, 2025

  • 8.0

    HIGH
    CVE-2024-46329

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-48742

    The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-47189

    Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.... Read more

    • Published: Jun. 04, 2024
    • Modified: May. 29, 2025

  • 5.3

    MEDIUM
    CVE-2024-32792

    Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.... Read more

    Affected Products : hummingbird hummingbird
    • Published: Jun. 09, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-21413

    Microsoft Outlook Remote Code Execution Vulnerability... Read more

    • Actively Exploited
    • EPSS Score: %93.75
    • Published: Feb. 13, 2024
    • Modified: May. 29, 2025
Showing 20 of 291741 Results