Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2022-26773

    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.... Read more

    Affected Products : itunes
    • EPSS Score: %0.25
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26772

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.26
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26771

    A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • EPSS Score: %0.26
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-20082

    In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6833 mt6835 mt6853 mt6855 mt6873 mt6875 +24 more products
    • Published: Aug. 14, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-20083

    In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS0880578... Read more

    Affected Products : android mt6779 mt6785 mt8791t mt8797 mt6765 mt6768 mt8321 mt8667 mt8765 +15 more products
    • Published: Aug. 14, 2024
    • Modified: May. 30, 2025

  • 8.5

    HIGH
    CVE-2025-40582

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local atta... Read more

    • Published: May. 13, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-40583

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to... Read more

    • Published: May. 13, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2023-40490

    Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : cinema_4d
    • Published: May. 07, 2024
    • Modified: May. 30, 2025

  • 5.9

    MEDIUM
    CVE-2024-6487

    The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : inline_related_posts
    • Published: Jul. 29, 2024
    • Modified: May. 30, 2025

  • 9.1

    CRITICAL
    CVE-2024-6366

    The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.... Read more

    Affected Products : profile_builder
    • Published: Jul. 29, 2024
    • Modified: May. 30, 2025

  • 6.8

    MEDIUM
    CVE-2024-6021

    The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability... Read more

    • Published: Jul. 30, 2024
    • Modified: May. 30, 2025

  • 5.9

    MEDIUM
    CVE-2024-3113

    The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting... Read more

    Affected Products : simple_form
    • Published: Jul. 30, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-36782

    TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.... Read more

    Affected Products : cp300_firmware cp300
    • Published: Jun. 03, 2024
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2024-34009

    Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2024-34007

    The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-34006

    The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 8.4

    HIGH
    CVE-2024-34001

    Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-34000

    ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-33999

    The referrer URL used by MFA required additional sanitizing, rather than being used directly.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-33998

    Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 30, 2025
Showing 20 of 292727 Results