Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-2721

    Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.24
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-2362

    The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress... Read more

    • EPSS Score: %0.11
    • Published: Jun. 12, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-2176

    A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privile... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Apr. 20, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-2008

    A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An att... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.60
    • Published: Apr. 14, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-29468

    The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be trig... Read more

    Affected Products : wilink8-wifi-mcp8
    • EPSS Score: %53.86
    • Published: Aug. 14, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-29059

    3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402,... Read more

    Affected Products : 3cx
    • EPSS Score: %0.30
    • Published: Mar. 30, 2023
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2023-28866

    In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025

  • 6.7

    MEDIUM
    CVE-2023-28772

    An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.14
    • Published: Mar. 23, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-28500

    A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe ... Read more

    Affected Products : livecycle_es4
    • EPSS Score: %8.75
    • Published: Apr. 06, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2023-28466

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).... Read more

    • EPSS Score: %0.02
    • Published: Mar. 16, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-28323

    A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate pri... Read more

    Affected Products : endpoint_manager
    • EPSS Score: %2.58
    • Published: Jul. 01, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-28214

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : macos
    • EPSS Score: %0.08
    • Published: Sep. 06, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-28213

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : macos
    • EPSS Score: %0.08
    • Published: Sep. 06, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-28212

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : macos
    • EPSS Score: %0.08
    • Published: Sep. 06, 2023
    • Modified: May. 05, 2025

  • 6.8

    MEDIUM
    CVE-2023-28005

    A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Secure Boot process in an attempt to execute other attacks... Read more

    • EPSS Score: %0.05
    • Published: Mar. 22, 2023
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2023-27167

    Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.... Read more

    Affected Products : biostar_2
    • EPSS Score: %0.35
    • Published: Mar. 29, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-27076

    Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.... Read more

    Affected Products : g103_firmware g103
    • EPSS Score: %14.03
    • Published: Apr. 10, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-26802

    An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.... Read more

    • EPSS Score: %77.45
    • Published: Mar. 26, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-26801

    LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.... Read more

    • EPSS Score: %26.73
    • Published: Mar. 26, 2023
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2023-26609

    ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.... Read more

    • EPSS Score: %36.69
    • Published: Feb. 27, 2023
    • Modified: May. 05, 2025
Showing 20 of 291193 Results