Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-47406

    An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.... Read more

    • Published: Dec. 14, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-46997

    Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate p... Read more

    Affected Products : passhunt
    • Published: Dec. 14, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-46996

    vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as esc... Read more

    Affected Products : vsphere_selfuse
    • Published: Dec. 14, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-32916

    An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory.... Read more

    Affected Products : iphone_os
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 7.8

    HIGH
    CVE-2022-32860

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-32833

    An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.... Read more

    Affected Products : macos iphone_os safari
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2021-39428

    Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.... Read more

    Affected Products : eyoucms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2021-39427

    Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.... Read more

    Affected Products : 188jianzhan
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2021-39426

    An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.... Read more

    Affected Products : seacms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2021-36573

    File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.... Read more

    Affected Products : feehicms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 6.1

    MEDIUM
    CVE-2021-36572

    Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.... Read more

    Affected Products : feehicms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-29045

    Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value... Read more

    Affected Products : wifi_camppro_firmware wifi_camppro
    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29044

    Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value... Read more

    Affected Products : r6100_firmware r6100
    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2021-47668

    In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the ne... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2021-47669

    In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after th... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2021-47670

    In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2021-47671

    In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the function directly returns without calling netif_rx(skb). This ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-24446

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction, but admin panel privileges are... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-30293

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-30284

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vul... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293435 Results