Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-35099

    TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.... Read more

    Affected Products : lr350_firmware lr350
    • Published: May. 14, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2024-3940

    The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : recaptcha_jetpack
    • Published: May. 14, 2024
    • Modified: May. 05, 2025

  • 4.7

    MEDIUM
    CVE-2024-3941

    The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : recaptcha_jetpack
    • Published: May. 14, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-46145

    Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5.... Read more

    Affected Products : ultra
    • Published: May. 17, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-4323

    A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.... Read more

    Affected Products : fluent_bit
    • Published: May. 20, 2024
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2023-32871

    In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ... Read more

    Affected Products : android openwrt yocto rdk-b mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 +53 more products
    • Published: May. 06, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-4763

    Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %0.35
    • Published: Sep. 05, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-4369

    Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security sever... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.06
    • Published: Aug. 15, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-4355

    Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %36.84
    • Published: Aug. 15, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-4354

    Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %1.76
    • Published: Aug. 15, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-4352

    Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %1.70
    • Published: Aug. 15, 2023
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2023-4023

    The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger.... Read more

    Affected Products : all_users_messenger
    • EPSS Score: %0.19
    • Published: Aug. 30, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-41071

    A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.04
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40432

    The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.04
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40431

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.09
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40412

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.04
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-40409

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.04
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-40400

    This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %1.68
    • Published: Sep. 27, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-3954

    The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as a... Read more

    • EPSS Score: %0.13
    • Published: Aug. 21, 2023
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2023-3817

    Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where ... Read more

    Affected Products : openssl
    • EPSS Score: %0.19
    • Published: Jul. 31, 2023
    • Modified: May. 05, 2025
Showing 20 of 291222 Results