Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-6036

    The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attacker... Read more

    • EPSS Score: %46.58
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2023-52430

    The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.... Read more

    Affected Products : caddy-security caddy-security
    • EPSS Score: %1.27
    • Published: Feb. 12, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-46257

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.... Read more

    Affected Products : windows avalanche
    • EPSS Score: %1.89
    • Published: Dec. 19, 2023
    • Modified: May. 06, 2025

  • 5.7

    MEDIUM
    CVE-2023-42940

    A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.... Read more

    Affected Products : macos
    • EPSS Score: %0.16
    • Published: Dec. 19, 2023
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-41727

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.... Read more

    Affected Products : windows avalanche
    • EPSS Score: %1.89
    • Published: Dec. 19, 2023
    • Modified: May. 06, 2025

  • 9.1

    CRITICAL
    CVE-2023-27172

    Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.... Read more

    Affected Products : write-back_manager
    • EPSS Score: %0.08
    • Published: Dec. 20, 2023
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-44081

    Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail.... Read more

    Affected Products : lodepng
    • EPSS Score: %0.03
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-44079

    pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode.... Read more

    Affected Products : pycdc
    • EPSS Score: %0.04
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-43752

    Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted print... Read more

    Affected Products : solaris _common_desktop_environment
    • EPSS Score: %0.05
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-43152

    tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h.... Read more

    Affected Products : tsmuxer
    • EPSS Score: %0.04
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-43151

    timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.... Read more

    Affected Products : timg
    • EPSS Score: %0.03
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-43148

    rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h.... Read more

    Affected Products : rtf2html
    • EPSS Score: %0.04
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2022-40617

    strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) tha... Read more

    • EPSS Score: %0.20
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-40488

    ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).... Read more

    Affected Products : processwire
    • EPSS Score: %0.22
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32940

    The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.05
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32939

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.13
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 5.3

    MEDIUM
    CVE-2022-32938

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.... Read more

    Affected Products : macos iphone_os ipados
    • EPSS Score: %0.25
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-32936

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory.... Read more

    Affected Products : macos
    • EPSS Score: %0.07
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 4.6

    MEDIUM
    CVE-2022-32935

    A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.... Read more

    Affected Products : macos iphone_os ipados
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2022-32934

    The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution.... Read more

    Affected Products : macos
    • EPSS Score: %1.39
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
Showing 20 of 291384 Results