Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2023-3248

    The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil... Read more

    Affected Products : my_sticky_elements
    • Published: Jul. 24, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-3245

    The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : chaty
    • Published: Jul. 17, 2023
    • Modified: Apr. 23, 2025

  • 6.7

    MEDIUM
    CVE-2023-3159

    A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 12, 2023
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2023-3155

    The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.... Read more

    Affected Products : nextgen_gallery
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-3118

    The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : export_all_urls
    • Published: Jul. 10, 2023
    • Modified: Apr. 23, 2025

  • 7.8

    HIGH
    CVE-2023-3111

    A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().... Read more

    • Published: Jun. 05, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-37582

    The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker ... Read more

    Affected Products : rocketmq
    • Published: Jul. 12, 2023
    • Modified: Apr. 23, 2025

  • 7.7

    HIGH
    CVE-2023-37519

    Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.  ... Read more

    Affected Products : bigfix_platform
    • Published: Dec. 21, 2023
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2023-34133

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.... Read more

    Affected Products : global_management_system analytics
    • Published: Jul. 13, 2023
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2023-34127

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-... Read more

    Affected Products : global_management_system analytics
    • Published: Jul. 13, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-2995

    The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : leyka
    • Published: Sep. 19, 2023
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-2975

    Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty ... Read more

    • Published: Jul. 14, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-2964

    The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.... Read more

    Affected Products : simple_iframe
    • Published: Jul. 10, 2023
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2023-2600

    The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : custom_base_terms
    • Published: Jun. 19, 2023
    • Modified: Apr. 23, 2025

  • 7.8

    HIGH
    CVE-2023-2598

    A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege es... Read more

    • Published: Jun. 01, 2023
    • Modified: Apr. 23, 2025

  • 6.7

    MEDIUM
    CVE-2023-2513

    A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: May. 08, 2023
    • Modified: Apr. 23, 2025

  • 6.7

    MEDIUM
    CVE-2023-2194

    An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_b... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Apr. 20, 2023
    • Modified: Apr. 23, 2025

  • 7.0

    HIGH
    CVE-2023-2006

    A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges ... Read more

    • Published: Apr. 24, 2023
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2023-27534

    A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relativ... Read more

    • Published: Mar. 30, 2023
    • Modified: Apr. 23, 2025

  • 8.2

    HIGH
    CVE-2023-1668

    A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow m... Read more

    • Published: Apr. 10, 2023
    • Modified: Apr. 23, 2025
Showing 20 of 293612 Results