Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2023-38960

    Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.... Read more

    Affected Products : raidenftpd
    • EPSS Score: %0.03
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2023-20587

    Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. ... Read more

    Affected Products :
    • EPSS Score: %0.04
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2021-46757

    Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.... Read more

    • EPSS Score: %0.10
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-25740

    A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-23763

    SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.... Read more

    Affected Products : gambio
    • EPSS Score: %0.07
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-23759

    Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.... Read more

    Affected Products : gambio
    • EPSS Score: %64.42
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2024-0566

    The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.... Read more

    Affected Products : smart_manager
    • EPSS Score: %2.41
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-0421

    The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.... Read more

    • EPSS Score: %0.52
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-0248

    The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and de... Read more

    Affected Products : eazydocs
    • EPSS Score: %0.23
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2023-6869

    A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.... Read more

    Affected Products : firefox
    • EPSS Score: %0.18
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2023-6858

    Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.... Read more

    • EPSS Score: %0.39
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2023-6289

    The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.... Read more

    Affected Products : swift_performance
    • EPSS Score: %2.82
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2023-5005

    The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin ... Read more

    • EPSS Score: %0.09
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2023-50981

    ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.... Read more

    Affected Products : crypto\+\+
    • EPSS Score: %0.07
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-50272

    A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.... Read more

    • EPSS Score: %0.02
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2023-49489

    Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.... Read more

    Affected Products : kodexplorer
    • EPSS Score: %0.53
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2023-47257

    ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.... Read more

    Affected Products : automate screenconnect
    • EPSS Score: %4.96
    • Published: Feb. 01, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2023-46344

    A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /... Read more

    Affected Products : 2000_pm\+_firmware 2000_pm\+
    • EPSS Score: %0.18
    • Published: Feb. 02, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2023-45230

    EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Inte... Read more

    Affected Products : edk2
    • EPSS Score: %0.28
    • Published: Jan. 16, 2024
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2023-40393

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication.... Read more

    Affected Products : macos iphone_os ipados
    • EPSS Score: %0.28
    • Published: Jan. 10, 2024
    • Modified: May. 07, 2025
Showing 20 of 291608 Results