Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-3421

    Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %0.67
    • Published: Jun. 26, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-3420

    Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %3.80
    • Published: Jun. 26, 2023
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2023-3344

    The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm... Read more

    • EPSS Score: %0.08
    • Published: Jul. 24, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-3217

    Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %17.40
    • Published: Jun. 13, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-3216

    Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.44
    • Published: Jun. 13, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-3215

    Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %15.78
    • Published: Jun. 13, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-3214

    Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %1.13
    • Published: Jun. 13, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-3041

    The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack.... Read more

    Affected Products : automatic_conversation
    • EPSS Score: %0.11
    • Published: Jul. 17, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-39143

    PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).... Read more

    Affected Products : windows papercut_ng papercut_mf
    • EPSS Score: %88.63
    • Published: Aug. 04, 2023
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2023-38743

    Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %21.26
    • Published: Sep. 11, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-38615

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.09
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-38600

    The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • EPSS Score: %0.91
    • Published: Jul. 27, 2023
    • Modified: May. 05, 2025

  • 10.0

    CRITICAL
    CVE-2023-38586

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos
    • EPSS Score: %0.36
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-38427

    An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.... Read more

    Affected Products : linux_kernel h300s h410s h500s h700s
    • EPSS Score: %0.09
    • Published: Jul. 18, 2023
    • Modified: May. 05, 2025

  • 4.6

    MEDIUM
    CVE-2023-37453

    An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Jul. 06, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-36661

    Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)... Read more

    Affected Products : debian_linux xmltooling
    • EPSS Score: %60.67
    • Published: Jun. 25, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2023-35824

    An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.01
    • Published: Jun. 18, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2023-35823

    An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.01
    • Published: Jun. 18, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-35788

    An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or pri... Read more

    • EPSS Score: %0.01
    • Published: Jun. 16, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-35682

    In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Sep. 11, 2023
    • Modified: May. 05, 2025
Showing 20 of 291205 Results