Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-0699

    Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.21
    • Published: Feb. 07, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0698

    Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.15
    • Published: Feb. 07, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-0589

    The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : wp_image_carousel
    • EPSS Score: %0.10
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2023-0544

    The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : wp_login_box
    • EPSS Score: %0.08
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-0536

    The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored C... Read more

    Affected Products : wp-d3
    • EPSS Score: %0.10
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0464

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certif... Read more

    Affected Products : openssl
    • EPSS Score: %1.37
    • Published: Mar. 22, 2023
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2023-0422

    The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.... Read more

    Affected Products : article_directory
    • EPSS Score: %0.08
    • Published: Apr. 10, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-0421

    The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.... Read more

    Affected Products : cloud_manager
    • EPSS Score: %0.38
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0401

    A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not availab... Read more

    • EPSS Score: %0.76
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0217

    An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys s... Read more

    Affected Products : openssl
    • EPSS Score: %0.36
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0216

    An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a ... Read more

    • EPSS Score: %0.62
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0215

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applicati... Read more

    • EPSS Score: %0.28
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0138

    Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.48
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0137

    Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severit... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.07
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0136

    Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : android chrome edge_chromium
    • EPSS Score: %0.42
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0135

    Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: M... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.07
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0134

    Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: M... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.07
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0129

    Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium s... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.12
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0128

    Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security se... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.48
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-0078

    The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users... Read more

    Affected Products : resume_builder
    • EPSS Score: %0.10
    • Published: Mar. 06, 2023
    • Modified: May. 05, 2025
Showing 20 of 291193 Results