Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-32882

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences....

    Affected Products : macos
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 5.3

    MEDIUM
    CVE-2022-32861

    A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address....

    Affected Products : macos safari
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2022-32211

    A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret....

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
  • 5.4

    MEDIUM
    CVE-2022-28978

    Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service...

    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2022-28637

    A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard...

    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2022-23685

    A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input aga...

    Affected Products : clearpass_policy_manager
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 4.8

    MEDIUM
    CVE-2024-46333

    An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function....

    Affected Products : piwigo
    • Published: Sep. 27, 2024
    • Modified: May. 27, 2025
  • 7.6

    HIGH
    CVE-2024-46510

    ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface...

    Affected Products : cdg
    • Published: Sep. 30, 2024
    • Modified: May. 27, 2025
  • 6.3

    MEDIUM
    CVE-2024-46485

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate...

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Sep. 25, 2024
    • Modified: May. 27, 2025
  • 4.7

    MEDIUM
    CVE-2024-46600

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31...

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Sep. 25, 2024
    • Modified: May. 27, 2025
  • 4.3

    MEDIUM
    CVE-2024-46632

    Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function....

    Affected Products : assimp
    • Published: Sep. 26, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2025-3045

    A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection...

    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-30849

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0....

    Affected Products : essential_real_estate
    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-30870

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5....

    Affected Products : wp_travel_engine
    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2022-48733

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pendi...

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2024-38577

    In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. ...

    Affected Products : linux_kernel
    • Published: Jun. 19, 2024
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2024-38581

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the random use-after-free issue. v2: move to amdgpu_mes.c...

    Affected Products : linux_kernel
    • Published: Jun. 19, 2024
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2022-48740

    In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller f...

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-13553

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a...

    Affected Products : sms_alert_order_notifications
    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-3121

    A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been d...

    Affected Products : pytorch
    • Published: Apr. 02, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293497 Results