Latest CVE Feed
-
5.4
MEDIUM CVE-2023-2964
The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks....
Affected Products: simple_iframe
- Published: Jul. 10, 2023
- Modified: Apr. 23, 2025
-
4.8
MEDIUM CVE-2023-2600
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
Affected Products: custom_base_terms
- Published: Jun. 19, 2023
- Modified: Apr. 23, 2025
-
7.8
HIGH CVE-2023-2598
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege es...
- Published: Jun. 01, 2023
- Modified: Apr. 23, 2025
-
6.7
MEDIUM CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors....
- Published: May. 08, 2023
- Modified: Apr. 23, 2025
-
6.7
MEDIUM CVE-2023-2194
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_b...
- Published: Apr. 20, 2023
- Modified: Apr. 23, 2025
-
7.0
HIGH CVE-2023-2006
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges ...
- Published: Apr. 24, 2023
- Modified: Apr. 23, 2025
-
8.8
HIGH CVE-2023-27534
A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relativ...
Affected Products: fedora curl active_iq_unified_manager h300s_firmware h500s_firmware h700s_firmware h410s_firmware universal_forwarder brocade_fabric_operating_system_firmware h300s +3 more products
- Published: Mar. 30, 2023
- Modified: Apr. 23, 2025
-
8.2
HIGH CVE-2023-1668
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow m...
- Published: Apr. 10, 2023
- Modified: Apr. 23, 2025
-
6.1
MEDIUM CVE-2023-1413
The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
- Published: Apr. 17, 2023
- Modified: Apr. 23, 2025
-
4.8
MEDIUM CVE-2023-1400
The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...
Affected Products: modern_events_calendar_lite
- Published: Mar. 27, 2023
- Modified: Apr. 23, 2025
-
7.5
HIGH CVE-2023-1390
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system wit...
Affected Products: linux_kernel
- Published: Mar. 16, 2023
- Modified: Apr. 23, 2025
-
7.8
HIGH CVE-2023-1252
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. ...
Affected Products: linux_kernel
- Published: Mar. 23, 2023
- Modified: Apr. 23, 2025
-
7.8
HIGH CVE-2023-1118
A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system....
Affected Products: linux_kernel
- Published: Mar. 02, 2023
- Modified: Apr. 23, 2025
-
6.6
MEDIUM CVE-2023-1073
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system....
- Published: Mar. 27, 2023
- Modified: Apr. 23, 2025
-
7.8
HIGH CVE-2023-0950
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of Libre...
- Published: May. 25, 2023
- Modified: Apr. 23, 2025
-
8.8
HIGH CVE-2023-0603
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
Affected Products: sloth_logo_customizer
- Published: May. 08, 2023
- Modified: Apr. 23, 2025
-
7.2
HIGH CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator rol...
Affected Products: website_builder
- Published: May. 30, 2023
- Modified: Apr. 23, 2025
-
5.4
MEDIUM CVE-2022-4827
The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Store...
Affected Products: wp_tiles
- Published: Apr. 10, 2023
- Modified: Apr. 23, 2025
-
9.8
CRITICAL CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within...
Affected Products: digital_rebar
- Published: Dec. 06, 2022
- Modified: Apr. 23, 2025
-
8.8
HIGH CVE-2022-46382
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform acti...
Affected Products: digital_rebar
- Published: Dec. 06, 2022
- Modified: Apr. 23, 2025