Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-20873

    In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x user... Read more

    Affected Products : spring_boot
    • EPSS Score: %0.38
    • Published: Apr. 20, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-1806

    The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admini... Read more

    Affected Products : wp_inventory_manager
    • EPSS Score: %0.11
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-1530

    Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.36
    • Published: Mar. 21, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-1465

    The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin... Read more

    Affected Products : wp_easypay
    • EPSS Score: %0.09
    • Published: Aug. 16, 2023
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2023-1078

    A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0933

    Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.26
    • Published: Feb. 22, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0767

    An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.24
    • Published: Jun. 02, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0705

    Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.23
    • Published: Feb. 07, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0699

    Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.21
    • Published: Feb. 07, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0698

    Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.15
    • Published: Feb. 07, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-0589

    The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products : wp_image_carousel
    • EPSS Score: %0.10
    • Published: Mar. 27, 2023
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2023-0544

    The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : wp_login_box
    • EPSS Score: %0.08
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-0536

    The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored C... Read more

    Affected Products : wp-d3
    • EPSS Score: %0.10
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0464

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certif... Read more

    Affected Products : openssl
    • EPSS Score: %1.37
    • Published: Mar. 22, 2023
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2023-0422

    The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.... Read more

    Affected Products : article_directory
    • EPSS Score: %0.08
    • Published: Apr. 10, 2023
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2023-0421

    The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.... Read more

    Affected Products : cloud_manager
    • EPSS Score: %0.38
    • Published: May. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0401

    A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not availab... Read more

    • EPSS Score: %0.76
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0217

    An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys s... Read more

    Affected Products : openssl
    • EPSS Score: %0.36
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0216

    An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a ... Read more

    • EPSS Score: %0.62
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2023-0215

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applicati... Read more

    • EPSS Score: %0.28
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025
Showing 20 of 291222 Results