Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2023-5124

    The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site Wor... Read more

    Affected Products : pagelayer
    • Published: Jan. 29, 2024
    • Modified: May. 22, 2025

  • 7.0

    HIGH
    CVE-2023-5091

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.... Read more

    Affected Products : valhall_gpu_kernel_driver
    • Published: Jan. 08, 2024
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-48085

    Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.... Read more

    Affected Products : nagios_xi
    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2023-46750

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. ... Read more

    Affected Products : shiro
    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2023-41151

    An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.... Read more

    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-40103

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-40102

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-40101

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40100

    Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-35247

    A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-32823

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak se... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.8

    HIGH
    CVE-2022-32821

    A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.8

    HIGH
    CVE-2022-32819

    A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-32229

    A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2020-36773

    Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).... Read more

    Affected Products : ghostscript
    • Published: Feb. 04, 2024
    • Modified: May. 22, 2025

  • 4.9

    MEDIUM
    CVE-2020-26630

    A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in a... Read more

    • Published: Jan. 10, 2024
    • Modified: May. 22, 2025

  • 5.7

    MEDIUM
    CVE-2018-5448

    Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.... Read more

    • Published: May. 04, 2018
    • Modified: May. 22, 2025

  • 5.3

    MEDIUM
    CVE-2018-5446

    Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.... Read more

    • Published: May. 04, 2018
    • Modified: May. 22, 2025

  • 8.0

    HIGH
    CVE-2018-10596

    Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an ... Read more

    • Published: Jul. 03, 2018
    • Modified: May. 22, 2025

  • 8.3

    HIGH
    CVE-2024-26139

    OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can ga... Read more

    Affected Products : opencti
    • Published: May. 23, 2024
    • Modified: May. 22, 2025
Showing 20 of 292795 Results