Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-2559

    A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefini... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Mar. 25, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-0671

    The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-5856

    Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5855

    Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5854

    Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5852

    Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5849

    Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 6.7

    MEDIUM
    CVE-2023-32834

    In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS081617... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +38 more products
    • EPSS Score: %0.01
    • Published: Nov. 06, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-44007

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Ses... Read more

    Affected Products : backclick
    • EPSS Score: %0.12
    • Published: Nov. 16, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-42732

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible... Read more

    • EPSS Score: %0.22
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-42533

    In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-42246

    Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account.... Read more

    Affected Products : duofox_cms
    • EPSS Score: %0.08
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-42245

    Dreamer CMS 4.0.01 is vulnerable to SQL Injection.... Read more

    Affected Products : dreamer_cms
    • EPSS Score: %0.07
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-42187

    Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.... Read more

    Affected Products : hustoj
    • EPSS Score: %0.10
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.0

    CRITICAL
    CVE-2022-41558

    The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TI... Read more

    • EPSS Score: %0.80
    • Published: Nov. 15, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-40881

    SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php... Read more

    • EPSS Score: %93.67
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-39834

    A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.... Read more

    Affected Products : primekey_ejbca
    • EPSS Score: %0.57
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2021-33897

    A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attem... Read more

    Affected Products : synthesia
    • EPSS Score: %0.03
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2020-23582

    A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.22
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.4

    MEDIUM
    CVE-2012-0216

    The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local... Read more

    Affected Products : apache2
    • EPSS Score: %0.05
    • Published: Apr. 22, 2012
    • Modified: Apr. 29, 2025
Showing 20 of 291205 Results