Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-2932

    Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.39
    • Published: May. 30, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2931

    Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.39
    • Published: May. 30, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2930

    Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.13
    • Published: May. 30, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2929

    Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.54
    • Published: May. 30, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-2743

    The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_erp
    • EPSS Score: %0.11
    • Published: Jun. 27, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2726

    Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.02
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2725

    Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %7.73
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2724

    Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %10.33
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2723

    Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %14.06
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2722

    Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • EPSS Score: %0.26
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-2721

    Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.24
    • Published: May. 16, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-2362

    The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress... Read more

    • EPSS Score: %0.11
    • Published: Jun. 12, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-2176

    A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privile... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Apr. 20, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-2008

    A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An att... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.60
    • Published: Apr. 14, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-29468

    The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be trig... Read more

    Affected Products : wilink8-wifi-mcp8
    • EPSS Score: %53.86
    • Published: Aug. 14, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-29059

    3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402,... Read more

    Affected Products : 3cx
    • EPSS Score: %0.30
    • Published: Mar. 30, 2023
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2023-28866

    In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025

  • 6.7

    MEDIUM
    CVE-2023-28772

    An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.14
    • Published: Mar. 23, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-28500

    A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe ... Read more

    Affected Products : livecycle_es4
    • EPSS Score: %8.75
    • Published: Apr. 06, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2023-28466

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).... Read more

    • EPSS Score: %0.02
    • Published: Mar. 16, 2023
    • Modified: May. 05, 2025
Showing 20 of 291219 Results