Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-37518

    HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. ... Read more

    Affected Products : bigfix_servicenow_data_flow
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-36259

    Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.... Read more

    Affected Products : craft_cms
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-24049

    An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.... Read more

    Affected Products : ac21000_g6_firmware ac21000_g6
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35068

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35067

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35066

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35065

    OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35064

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35063

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35062

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35061

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-32911

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2022-32908

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-32886

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.... Read more

    Affected Products : fedora debian_linux iphone_os safari ipados
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-32883

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.2

    HIGH
    CVE-2025-4687

    In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company wi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-5257

    SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensit... Read more

    Affected Products : mautic
    • Published: May. 28, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-47055

    SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR... Read more

    Affected Products : mautic
    • Published: May. 28, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-4583

    The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output ... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-48045

    An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293353 Results