Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2023-52621

    In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the c...

    Affected Products : linux_kernel
    • Published: Mar. 26, 2024
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2023-52572

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88...

    Affected Products : linux_kernel
    • Published: Mar. 02, 2024
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2022-49535

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to t...

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: May. 02, 2025
  • 5.5

    MEDIUM
    CVE-2022-49309

    In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() There is a deadlock in rtw_surveydone_event_callback(), which is shown below: (Thread 1) ...

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: May. 02, 2025
  • 5.5

    MEDIUM
    CVE-2022-49219

    In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register),...

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: May. 02, 2025
  • 5.5

    MEDIUM
    CVE-2022-49190

    In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_...

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: May. 02, 2025
  • 5.5

    MEDIUM
    CVE-2022-48893

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incom...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2021-47247

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and pro...

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2025-37087

    A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host....

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: May. 01, 2025
  • 9.8

    CRITICAL
    CVE-2023-5168

    A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating system...

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: 0.26%
    • Published: Sep. 27, 2023
    • Modified: May. 01, 2025
  • 9.8

    CRITICAL
    CVE-2022-3463

    The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...

    Affected Products : contact_form
    • EPSS Score: 0.49%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • 4.8

    MEDIUM
    CVE-2022-3462

    The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...

    Affected Products : highlight_focus
    • EPSS Score: 0.16%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • 4.3

    MEDIUM
    CVE-2022-3451

    The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary opt...

    Affected Products : product_stock_manager
    • EPSS Score: 0.07%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • 7.2

    HIGH
    CVE-2022-3418

    The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...

    • EPSS Score: 0.44%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • 7.5

    HIGH
    CVE-2022-37866

    When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain ...

    Affected Products : ivy
    • EPSS Score: 0.60%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • 8.8

    HIGH
    CVE-2023-5346

    Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: 0.59%
    • Published: Oct. 05, 2023
    • Modified: May. 01, 2025
  • 9.8

    CRITICAL
    CVE-2023-5175

    During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118....

    Affected Products : firefox
    • EPSS Score: 0.38%
    • Published: Sep. 27, 2023
    • Modified: May. 01, 2025
  • 7.8

    HIGH
    CVE-2023-28210

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory....

    Affected Products : macos
    • EPSS Score: 0.08%
    • Published: Sep. 06, 2023
    • Modified: May. 01, 2025
  • 6.7

    MEDIUM
    CVE-2023-21244

    In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploita...

    Affected Products : android
    • EPSS Score: 0.01%
    • Published: Oct. 06, 2023
    • Modified: May. 01, 2025
  • 4.3

    MEDIUM
    CVE-2022-3819

    An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to....

    Affected Products : gitlab
    • EPSS Score: 0.06%
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025
Showing 20 of 291128 Results