Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-42734

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the a... Read more

    • EPSS Score: %0.16
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-42733

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible... Read more

    • EPSS Score: %0.22
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-42096

    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.... Read more

    Affected Products : backdrop backdrop_cms
    • EPSS Score: %5.79
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-40470

    Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.... Read more

    Affected Products : blood_donor_management_system
    • EPSS Score: %1.40
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-3561

    Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.... Read more

    Affected Products : librenms
    • EPSS Score: %0.07
    • Published: Nov. 20, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-37197

    IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.... Read more

    Affected Products : iotransfer
    • EPSS Score: %0.12
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 9.9

    CRITICAL
    CVE-2022-36786

    DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the ro... Read more

    Affected Products : dsl-224_firmware dsl-224
    • EPSS Score: %0.09
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.9

    CRITICAL
    CVE-2022-34827

    Carel Boss Mini 1.5.0 has Improper Access Control.... Read more

    Affected Products : boss_mini_firmware boss_mini
    • EPSS Score: %0.09
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2021-31739

    The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address.... Read more

    Affected Products : seppmail
    • EPSS Score: %0.10
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2021-22141

    An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.... Read more

    Affected Products : kibana
    • EPSS Score: %0.19
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-13207

    The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : widget_for_social_page_feeds
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-24252

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025

  • 7.7

    HIGH
    CVE-2025-24206

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-13610

    The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products : simple_social_buttons
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2023-42977

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos iphone_os ipad_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-42970

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 29, 2025

  • 3.3

    LOW
    CVE-2023-42969

    An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2025-30730

    Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via... Read more

    Affected Products : application_object_library
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2025-30729

    Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low pri... Read more

    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025

  • 5.6

    MEDIUM
    CVE-2025-30698

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle Gra... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
Showing 20 of 291162 Results