Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2022-32923

    A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose ...

    Affected Products : macos iphone_os tvos watchos safari ipados
    • EPSS Score: 0.19%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 7.8

    HIGH
    CVE-2022-32903

    A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges....

    Affected Products : iphone_os tvos watchos
    • EPSS Score: 0.18%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 4.7

    MEDIUM
    CVE-2022-32895

    A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system....

    Affected Products : macos
    • EPSS Score: 0.06%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 8.6

    HIGH
    CVE-2022-32892

    An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions....

    Affected Products : macos iphone_os safari ipados
    • EPSS Score: 0.14%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 8.6

    HIGH
    CVE-2022-32890

    A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions....

    Affected Products : macos
    • EPSS Score: 0.23%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 2.4

    LOW
    CVE-2022-32870

    A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information....

    Affected Products : macos iphone_os watchos
    • EPSS Score: 0.08%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 5.4

    MEDIUM
    CVE-2022-31777

    A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in...

    Affected Products : spark
    • EPSS Score: 0.26%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 9.8

    CRITICAL
    CVE-2022-2572

    In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked....

    Affected Products : octopus_server
    • EPSS Score: 0.24%
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
  • 6.7

    MEDIUM
    CVE-2025-1122

    Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challe...

    Affected Products : chrome_os
    • Published: Apr. 15, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
  • 8.6

    HIGH
    CVE-2022-3872

    An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this...

    Affected Products : qemu
    • EPSS Score: 0.04%
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
  • 7.2

    HIGH
    CVE-2022-2711

    The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible b...

    • EPSS Score: 0.35%
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
  • 4.3

    MEDIUM
    CVE-2022-2387

    The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin dele...

    • EPSS Score: 0.16%
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
  • 9.1

    CRITICAL
    CVE-2024-25065

    Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue....

    Affected Products : ofbiz
    • Published: Feb. 29, 2024
    • Modified: May. 05, 2025
  • 7.1

    HIGH
    CVE-2023-51747

    Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge ...

    Affected Products : james
    • Published: Feb. 27, 2024
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2023-51518

    Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in pri...

    Affected Products : james
    • Published: Feb. 27, 2024
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2023-50379

    Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cl...

    Affected Products : ambari
    • Published: Feb. 27, 2024
    • Modified: May. 05, 2025
  • 9.1

    CRITICAL
    CVE-2024-22393

    Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack b...

    Affected Products : answer
    • Published: Feb. 22, 2024
    • Modified: May. 05, 2025
  • 0.0

    NA
    CVE-2023-53102

    In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw ice_qp_dis() intends to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps is to disable interrupts on the...

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Race Condition
  • 0.0

    NA
    CVE-2023-53064

    In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver:...

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2023-53108

    In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigu...

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption