Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-4620

    The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

    Affected Products : arforms_form_builder arforms
    • Published: Jun. 07, 2024
    • Modified: May. 01, 2025
  • 4.8

    MEDIUM
    CVE-2024-4621

    The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered...

    Affected Products : arforms_form_builder arforms
    • Published: Jun. 07, 2024
    • Modified: May. 01, 2025
  • 7.5

    HIGH
    CVE-2024-38440

    Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version...

    Affected Products : netatalk
    • Published: Jun. 16, 2024
    • Modified: May. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-38441

    Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

    Affected Products : netatalk
    • Published: Jun. 16, 2024
    • Modified: May. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-37734

    An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter.

    Affected Products : openemr
    • Published: Jun. 26, 2024
    • Modified: May. 01, 2025
  • 5.5

    MEDIUM
    CVE-2024-4934

    The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform...

    Affected Products : quiz_and_survey_master
    • Published: Jul. 01, 2024
    • Modified: May. 01, 2025
  • 4.8

    MEDIUM
    CVE-2024-6130

    The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...

    Affected Products : form_maker
    • Published: Jul. 01, 2024
    • Modified: May. 01, 2025
  • 10.0

    CRITICAL
    CVE-2025-2857

    Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sand...

    Affected Products : firefox firefox_esr
    • Published: Mar. 27, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-22869

    SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

    Affected Products : ssh
    • Published: Feb. 26, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-22868

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

    Affected Products : traefik jws
    • Published: Feb. 26, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2023-5472

    Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: 0.70%
    • Published: Oct. 25, 2023
    • Modified: May. 01, 2025
  • 7.8

    HIGH
    CVE-2023-32356

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

    Affected Products : macos
    • EPSS Score: 0.08%
    • Published: Sep. 06, 2023
    • Modified: May. 01, 2025
  • 7.8

    HIGH
    CVE-2023-28215

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

    Affected Products : macos
    • EPSS Score: 0.08%
    • Published: Sep. 06, 2023
    • Modified: May. 01, 2025
  • 7.8

    HIGH
    CVE-2023-28209

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

    Affected Products : macos
    • EPSS Score: 0.08%
    • Published: Sep. 06, 2023
    • Modified: May. 01, 2025
  • 7.5

    HIGH
    CVE-2022-45196

    Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for n...

    Affected Products : fabric
    • EPSS Score: 0.07%
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025
  • 5.5

    MEDIUM
    CVE-2022-44319

    PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.

    Affected Products : picoc
    • EPSS Score: 0.03%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • 5.5

    MEDIUM
    CVE-2022-44312

    PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.

    Affected Products : picoc
    • EPSS Score: 0.06%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • 8.1

    HIGH
    CVE-2022-44311

    html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html f...

    Affected Products : html2xhtml
    • EPSS Score: 1.81%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • 7.5

    HIGH
    CVE-2022-43945

    The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single a...

    • EPSS Score: 0.42%
    • Published: Nov. 04, 2022
    • Modified: May. 01, 2025
  • 7.5

    HIGH
    CVE-2022-43343

    N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.

    Affected Products : n-prolog
    • EPSS Score: 2.12%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
Showing 20 of 291162 Results