Latest CVE Feed
- 5.5 MEDIUM CVE-2025-24184
  The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination....
  - Published: May. 19, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2025-24189
  The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption....
  - Published: May. 19, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Memory Corruption
- 3.3 LOW CVE-2025-31185
  A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication....
  - Published: May. 19, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authentication
- 5.5 MEDIUM CVE-2025-31262
  A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system....
  - Published: May. 19, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authorization
- 6.5 MEDIUM CVE-2024-7139
  Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchdog timer is not enabled, a hard reset is required to rec...
  - Published: Dec. 19, 2024
  - Modified: May. 28, 2025
- 6.5 MEDIUM CVE-2024-7138
  An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device....
  - Published: Dec. 19, 2024
  - Modified: May. 28, 2025
- 6.5 MEDIUM CVE-2024-7137
  The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed d...
  - Published: Dec. 19, 2024
  - Modified: May. 28, 2025
- 6.5 MEDIUM CVE-2022-41255
  Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system....
  - Affected Products: cons3rt
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 8.1 HIGH CVE-2022-40616
  IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311....
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2022-40030
  SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php....
  - Affected Products: simple_task_managing_system
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 4.8 MEDIUM CVE-2022-40029
  SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted pay...
  - Affected Products: simple_task_managing_system
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 4.8 MEDIUM CVE-2022-40028
  SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted pay...
  - Affected Products: simple_task_managing_system
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 6.1 MEDIUM CVE-2022-40027
  SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected...
  - Affected Products: simple_task_managing_system
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 7.2 HIGH CVE-2022-40026
  SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php....
  - Affected Products: simple_task_managing_system
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 7.2 HIGH CVE-2022-37027
  Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an at...
  - Affected Products: cloud_backup_suite
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 5.3 MEDIUM CVE-2022-35621
  Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers....
  - Affected Products: evohclaimable
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 9.0 CRITICAL CVE-2022-30578
  The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful at...
  - Affected Products: ebx_add-ons
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 4.7 MEDIUM CVE-2022-29800
  A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to repla...
  - Affected Products: windows_defender_for_endpoint
  - Published: Sep. 21, 2022
  - Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2021-4297
  A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unkn...
  - Affected Products: jobe
  - Published: Jan. 01, 2023
  - Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2025-5032
  A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch...
  - Affected Products: online_shopping_portal
  - Published: May. 21, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Injection