Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-42252

    If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containi... Read more

    Affected Products : tomcat
    • EPSS Score: %0.16
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2022-40839

    A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data.... Read more

    Affected Products : ndkadvancedcustomizationfields
    • EPSS Score: %0.92
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-40471

    Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php... Read more

    • EPSS Score: %88.95
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.2

    HIGH
    CVE-2022-3334

    The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.... Read more

    Affected Products : easy_wp_smtp
    • EPSS Score: %0.32
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-3314

    Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-3313

    Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 4.6

    MEDIUM
    CVE-2022-3312

    Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • EPSS Score: %0.01
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-3310

    Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Med... Read more

    Affected Products : android chrome edge_chromium
    • EPSS Score: %0.03
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-3309

    Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity:... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-3254

    The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, lea... Read more

    • EPSS Score: %20.14
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 4.8

    MEDIUM
    CVE-2022-3237

    The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wp_contact_slider
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-3096

    The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators... Read more

    Affected Products : wp_total_hacks
    • EPSS Score: %0.15
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-37623

    Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.... Read more

    Affected Products : browserify-shim
    • EPSS Score: %0.14
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-31692

    Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application ... Read more

    • EPSS Score: %6.71
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6347

    An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.... Read more

    Affected Products : proxygen proxygen
    • EPSS Score: %0.43
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6346

    A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.... Read more

    Affected Products : proxygen proxygen
    • EPSS Score: %0.33
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6344

    A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93,... Read more

    Affected Products : whatsapp
    • EPSS Score: %0.57
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6343

    Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releas... Read more

    Affected Products : proxygen
    • EPSS Score: %0.27
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-6331

    Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.... Read more

    Affected Products : buck
    • EPSS Score: %0.44
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.1

    HIGH
    CVE-2024-13574

    The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : xv_random_quotes
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291358 Results