Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-52922

    In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-52920

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-52921

    In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-52919

    Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-46236

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2.... Read more

    Affected Products : html_forms
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-52917

    Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-52916

    Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-52915

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-52914

    In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 5.7

    MEDIUM
    CVE-2025-31197

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-24271

    An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same ne... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-24270

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-52913

    In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-24251

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-24179

    A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local netwo... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2022-45402

    In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.... Read more

    Affected Products : airflow
    • EPSS Score: %37.66
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-45401

    Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.... Read more

    Affected Products : associated_files
    • EPSS Score: %3.07
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-45400

    Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : japex
    • EPSS Score: %0.29
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-45399

    A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.... Read more

    Affected Products : cluster_statistics
    • EPSS Score: %0.06
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-45398

    A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.... Read more

    Affected Products : cluster_statistics
    • EPSS Score: %0.06
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291219 Results