Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-22778

    HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.... Read more

    Affected Products : codimd codimd
    • Published: Feb. 21, 2024
    • Modified: May. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-3567

    A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a... Read more

    Affected Products : enterprise_linux qemu
    • Published: Apr. 10, 2024
    • Modified: May. 06, 2025

  • 5.3

    MEDIUM
    CVE-2023-6693

    A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This co... Read more

    Affected Products : enterprise_linux fedora qemu
    • EPSS Score: %0.03
    • Published: Jan. 02, 2024
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-45618

    Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45617

    Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45616

    Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45615

    Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45614

    Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2022-34662

    When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher... Read more

    Affected Products : dolphinscheduler
    • EPSS Score: %0.20
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32924

    The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.10
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2022-32923

    A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose ... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • EPSS Score: %0.19
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 7.8

    HIGH
    CVE-2022-32903

    A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os tvos watchos
    • EPSS Score: %0.18
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 4.7

    MEDIUM
    CVE-2022-32895

    A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 8.6

    HIGH
    CVE-2022-32892

    An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos iphone_os safari ipados
    • EPSS Score: %0.14
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 8.6

    HIGH
    CVE-2022-32890

    A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos
    • EPSS Score: %0.23
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 2.4

    LOW
    CVE-2022-32870

    A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.... Read more

    Affected Products : macos iphone_os watchos
    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-31777

    A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in... Read more

    Affected Products : spark
    • EPSS Score: %0.26
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-2572

    In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.... Read more

    Affected Products : octopus_server
    • EPSS Score: %0.24
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 6.7

    MEDIUM
    CVE-2025-1122

    Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challe... Read more

    Affected Products : chrome_os
    • Published: Apr. 15, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2022-3872

    An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this... Read more

    Affected Products : qemu
    • EPSS Score: %0.04
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
Showing 20 of 291401 Results