Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2023-4806

    A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and ... Read more

    • EPSS Score: %1.11
    • Published: Sep. 18, 2023
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-41719

    Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.... Read more

    Affected Products : messagepack
    • EPSS Score: %0.09
    • Published: Nov. 10, 2022
    • Modified: Apr. 30, 2025

  • 4.6

    MEDIUM
    CVE-2022-3903

    An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or pote... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-3632

    The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.... Read more

    Affected Products : oauth_client
    • EPSS Score: %0.16
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-3477

    The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any use... Read more

    • EPSS Score: %0.91
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-3415

    The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact me... Read more

    Affected Products : chat_bubble
    • EPSS Score: %0.69
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-35613

    Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).... Read more

    Affected Products : konker_platform
    • EPSS Score: %0.10
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.8

    HIGH
    CVE-2022-34325

    DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler u... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.4

    MEDIUM
    CVE-2022-33986

    DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack... Read more

    Affected Products : kernel kernel
    • EPSS Score: %0.04
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.0

    HIGH
    CVE-2022-33985

    DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the N... Read more

    Affected Products : kernel kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.0

    HIGH
    CVE-2022-33984

    DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdM... Read more

    Affected Products : kernel kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 6.4

    MEDIUM
    CVE-2022-31243

    Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at inp... Read more

    Affected Products : kernel kernel
    • EPSS Score: %0.04
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 6.4

    MEDIUM
    CVE-2022-30774

    DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the cont... Read more

    Affected Products : kernel kernel
    • EPSS Score: %0.04
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 6.4

    MEDIUM
    CVE-2022-30773

    DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the... Read more

    Affected Products : kernel kernel
    • EPSS Score: %0.04
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-2450

    The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.... Read more

    Affected Products : resmush.it_image_optimizer
    • EPSS Score: %0.06
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-2449

    The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.... Read more

    Affected Products : resmush.it_image_optimizer
    • EPSS Score: %0.09
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-27949

    A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects ... Read more

    Affected Products : airflow
    • EPSS Score: %0.22
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-4024

    A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to sql injection. It is possible to launc... Read more

    Affected Products : placement_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4025

    A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The a... Read more

    Affected Products : placement_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2015-4582

    The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product.... Read more

    Affected Products : boot_store
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291216 Results