Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2022-33684

    The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man ...

    Affected Products : pulsar
    • EPSS Score: 0.16%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 6.4

    MEDIUM
    CVE-2022-32609

    In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410....

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +22 more products
    • EPSS Score: 0.03%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 6.4

    MEDIUM
    CVE-2022-32608

    In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753....

    Affected Products : android mt6893 mt6895
    • EPSS Score: 0.02%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 6.7

    MEDIUM
    CVE-2022-32607

    In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS0720...

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6873 mt6875 +39 more products
    • EPSS Score: 0.02%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 6.7

    MEDIUM
    CVE-2022-32605

    In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ...

    Affected Products : android mt6879 mt6895 mt6983
    • EPSS Score: 0.01%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 6.7

    MEDIUM
    CVE-2022-32603

    In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ...

    • EPSS Score: 0.02%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-31691

    Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing...

    • EPSS Score: 18.70%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 7.3

    HIGH
    CVE-2022-2904

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerabili...

    Affected Products : gitlab
    • EPSS Score: 3.07%
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-27585

    Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mecha...

    Affected Products : sim1000_fx_firmware sim1000_fx
    • EPSS Score: 2.22%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 4.7

    MEDIUM
    CVE-2021-42205

    ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice....

    Affected Products : elan_miniport_touchpad_driver
    • EPSS Score: 0.04%
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025
  • 5.4

    MEDIUM
    CVE-2021-39473

    Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields....

    Affected Products : hotelmanager
    • EPSS Score: 0.24%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2021-39432

    diplib v3.0.0 is vulnerable to Double Free....

    Affected Products : diplib
    • EPSS Score: 0.33%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2021-34055

    jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u....

    Affected Products : debian_linux jhead
    • EPSS Score: 0.03%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 9.6

    CRITICAL
    CVE-2019-13690

    Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)...

    Affected Products : chrome chrome_os
    • EPSS Score: 0.26%
    • Published: Aug. 25, 2023
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2019-13689

    Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)...

    Affected Products : chrome chrome_os
    • EPSS Score: 0.18%
    • Published: Aug. 25, 2023
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2025-28144

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vulnerability via peerPin parameter in the formWsc function....

    • Published: Apr. 15, 2025
    • Modified: May. 02, 2025
  • 6.0

    MEDIUM
    CVE-2025-46565

    Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly expos...

    Affected Products : vite
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2023-4620

    The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators...

    Affected Products : booking_calendar
    • EPSS Score: 0.59%
    • Published: Oct. 16, 2023
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2023-4294

    The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugin's admin panel with statistics of the created s...

    Affected Products : url_shortify
    • EPSS Score: 15.70%
    • Published: Sep. 11, 2023
    • Modified: May. 02, 2025
  • 8.8

    HIGH
    CVE-2023-39434

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution....

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: 0.65%
    • Published: Sep. 27, 2023
    • Modified: May. 02, 2025
Showing 20 of 291158 Results