Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-30445

    A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause a... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-49959

    In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST reques... Read more

    Affected Products : profinet-inspektor_nt
    • Published: Feb. 26, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25730

    Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).... Read more

    • Published: Feb. 23, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44053

    The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s... Read more

    Affected Products : d8s-networking
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44052

    The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-dates
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44051

    The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.... Read more

    Affected Products : d8s-stats
    • EPSS Score: %0.14
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44050

    The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-networking
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44049

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-python
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-44048

    The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.... Read more

    Affected Products : d8s-urls
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-43359

    Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file.... Read more

    Affected Products : gifdec
    • EPSS Score: %0.04
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43352

    Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote.... Read more

    Affected Products : sanitization_management_system
    • EPSS Score: %0.09
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-42788

    A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.... Read more

    Affected Products : macos
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-25918

    The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.... Read more

    Affected Products : shescape
    • EPSS Score: %0.27
    • Published: Oct. 27, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2019-8062

    Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : after_effects
    • EPSS Score: %7.87
    • Published: Aug. 14, 2019
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2018-9866

    A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.... Read more

    Affected Products : global_management_system
    • EPSS Score: %11.74
    • Published: Aug. 03, 2018
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2017-6511

    andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.... Read more

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Mar. 07, 2017
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2025-27193

    Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : macos windows bridge
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27194

    Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos media_encoder windows
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27195

    Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic... Read more

    Affected Products : macos media_encoder windows
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27196

    Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : macos premiere_pro windows
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291258 Results