Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-32837

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : macos mac_os_x iphone_os tvos ipados
    • EPSS Score: %0.04
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-32834

    An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.06
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-32813

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execut... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.06
    • Published: Aug. 24, 2022
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-4483

    The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting... Read more

    Affected Products : email_encoder email_encoder
    • Published: Jul. 29, 2024
    • Modified: May. 29, 2025

  • 4.6

    MEDIUM
    CVE-2024-6362

    The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : ultimate_blocks
    • Published: Jul. 29, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-6223

    The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ... Read more

    • Published: Jul. 30, 2024
    • Modified: May. 29, 2025

  • 5.9

    MEDIUM
    CVE-2024-6224

    The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF atta... Read more

    • Published: Jul. 30, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-1747

    The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Sto... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-2843

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-3983

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks... Read more

    Affected Products : woocommerce_customers_manager
    • Published: Aug. 01, 2024
    • Modified: May. 29, 2025

  • 8.0

    HIGH
    CVE-2024-46328

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: May. 29, 2025

  • 8.0

    HIGH
    CVE-2024-46329

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2025-48742

    The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-47189

    Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.... Read more

    • Published: Jun. 04, 2024
    • Modified: May. 29, 2025

  • 5.3

    MEDIUM
    CVE-2024-32792

    Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.... Read more

    Affected Products : hummingbird hummingbird
    • Published: Jun. 09, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-21413

    Microsoft Outlook Remote Code Execution Vulnerability... Read more

    • Actively Exploited
    • EPSS Score: %93.75
    • Published: Feb. 13, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2025-24054

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-24985

    Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-30397

    Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.... Read more

    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-37226

    Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025
Showing 20 of 291756 Results