Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-32690

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through 11.12.5.... Read more

    Affected Products : powerpress
    • Published: Apr. 09, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2022-42799

    The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.... Read more

    • EPSS Score: %0.53
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-42798

    The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio ... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-42791

    A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os
    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-42318

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.04
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 8.2

    HIGH
    CVE-2022-36338

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVar... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.06
    • Published: Sep. 23, 2022
    • Modified: May. 05, 2025

  • 6.0

    MEDIUM
    CVE-2022-35896

    An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.06
    • Published: Sep. 22, 2022
    • Modified: May. 05, 2025

  • 8.2

    HIGH
    CVE-2022-35895

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.09
    • Published: Sep. 21, 2022
    • Modified: May. 05, 2025

  • 6.0

    MEDIUM
    CVE-2022-35894

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.04
    • Published: Sep. 22, 2022
    • Modified: May. 05, 2025

  • 8.2

    HIGH
    CVE-2022-35893

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalat... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: May. 05, 2025

  • 3.7

    LOW
    CVE-2022-35252

    When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to a... Read more

    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-35155

    Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.... Read more

    • EPSS Score: %0.69
    • Published: Sep. 30, 2022
    • Modified: May. 05, 2025

  • 3.3

    LOW
    CVE-2022-33981

    drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.02
    • Published: Jun. 18, 2022
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32953

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-32899

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-32898

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: %3.67
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-32889

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os watchos
    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32477

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of ... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32475

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of pri... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32471

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked ... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025
Showing 20 of 291255 Results