Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40293

    The application was vulnerable to a session fixation that could be used hijack accounts. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.09
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.3

    MEDIUM
    CVE-2022-40292

    The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2022-40291

    The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin a... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.10
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2022-40290

    The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.0

    CRITICAL
    CVE-2022-40289

    The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.55
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.0

    CRITICAL
    CVE-2022-40288

    The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.10
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.0

    CRITICAL
    CVE-2022-40287

    The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. ... Read more

    Affected Products : php_point_of_sale
    • EPSS Score: %0.10
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 4.8

    MEDIUM
    CVE-2022-3441

    The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : rock_convert
    • EPSS Score: %0.13
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 6.1

    MEDIUM
    CVE-2022-3440

    The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : rock_convert
    • EPSS Score: %0.23
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2022-32927

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.28
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 6.7

    MEDIUM
    CVE-2022-32926

    The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privi... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.04
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.1

    HIGH
    CVE-2022-32925

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : iphone_os tvos watchos
    • EPSS Score: %0.07
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2022-32922

    A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os safari ipados
    • EPSS Score: %0.42
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-32918

    This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos iphone_os
    • EPSS Score: %0.01
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32915

    A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.05
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32914

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos
    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 3.3

    LOW
    CVE-2022-32913

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is cu... Read more

    Affected Products : macos iphone_os tvos watchos
    • EPSS Score: %0.05
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32907

    This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os tvos watchos
    • EPSS Score: %0.16
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32905

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2022-32904

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025
Showing 20 of 291616 Results