Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-32788

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution....

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: 0.73%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.4

    HIGH
    CVE-2022-30579

    The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Serv...

    • EPSS Score: 0.15%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2022-2906

    An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service....

    Affected Products : bind
    • EPSS Score: 0.24%
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 8.2

    HIGH
    CVE-2022-2881

    The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process....

    Affected Products : bind
    • EPSS Score: 0.38%
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-28640

    A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has ...

    • EPSS Score: 0.39%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-26696

    This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions....

    Affected Products : macos
    • EPSS Score: 0.17%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-23696

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ...

    Affected Products : clearpass_policy_manager
    • EPSS Score: 0.35%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-23693

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ...

    Affected Products : clearpass_policy_manager
    • EPSS Score: 0.35%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-23692

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ...

    Affected Products : clearpass_policy_manager
    • EPSS Score: 0.35%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 4.3

    MEDIUM
    CVE-2021-46835

    There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers....

    Affected Products : ws7200-10_firmware ws7200-10
    • EPSS Score: 0.04%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 5.5

    MEDIUM
    CVE-2021-46834

    A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4)....

    Affected Products : jad-al50_firmware jad-al50
    • EPSS Score: 0.01%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 6.1

    MEDIUM
    CVE-2020-36602

    There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficien...

    • EPSS Score: 0.05%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-3209

    A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_patient.php. The manipulation of the argument itr_no leads to sq...

    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-44835

    D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell....

    Affected Products : dir-816_a2_firmware dir-816_a2
    • Published: May. 01, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-46566

    DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9....

    Affected Products : dataease
    • Published: May. 01, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-4197

    A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_xpatient.php. The manipulation of the argument lastname leads to SQL injection. It is possible t...

    • Published: May. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 3.5

    LOW
    CVE-2025-3513

    The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : sureforms
    • Published: May. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 3.5

    LOW
    CVE-2025-3514

    The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : sureforms
    • Published: May. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-3136

    A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. A...

    Affected Products : pytorch
    • Published: Apr. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2025-3123

    A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. ...

    Affected Products : wondercms
    • Published: Apr. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication
Showing 20 of 291756 Results