Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2023-5005

    The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin ...

    • EPSS Score: 0.09%
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2023-50981

    ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853....

    Affected Products: crypto++
    • EPSS Score: 0.07%
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2023-50272

    A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass....

    • EPSS Score: 0.02%
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2023-49489

    Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php....

    Affected Products: kodexplorer
    • EPSS Score: 0.53%
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025
  • 8.1

    HIGH
    CVE-2023-47257

    ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages....

    Affected Products: automate screenconnect
    • EPSS Score: 4.96%
    • Published: Feb. 01, 2024
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2023-46344

    A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /...

    Affected Products: 2000_pm+_firmware 2000_pm+
    • EPSS Score: 0.18%
    • Published: Feb. 02, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2023-45230

    EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Inte...

    Affected Products: edk2
    • EPSS Score: 0.28%
    • Published: Jan. 16, 2024
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2023-40393

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication....

    Affected Products: macos iphone_os ipados
    • EPSS Score: 0.28%
    • Published: Jan. 10, 2024
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3599

    LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125....

    • EPSS Score: 0.03%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3598

    LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit ...

    • EPSS Score: 0.04%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3597

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sou...

    • EPSS Score: 0.02%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-3395

    The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection ...

    Affected Products: wp_all_export
    • EPSS Score: 0.29%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-3246

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...

    Affected Products: blog2social
    • EPSS Score: 1.16%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3097

    The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections....

    Affected Products: lbstopattack
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-38870

    Free5gc v3.2.1 is vulnerable to Information disclosure....

    Affected Products: free5gc
    • EPSS Score: 85.61%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2022-38162

    Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10 exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input....

    Affected Products: f-secure_policy_manager
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2022-36966

    Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous....

    Affected Products: orion_platform solarwinds_platform
    • EPSS Score: 0.22%
    • Published: Oct. 20, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-36454

    A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to ...

    Affected Products: micollab
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-36453

    A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attack...

    Affected Products: micollab
    • EPSS Score: 0.24%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-36452

    A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the appli...

    Affected Products: micollab
    • EPSS Score: 1.90%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
Showing 20 of 291570 Results