Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-43767

    In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for explo... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-43768

    In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-43769

    In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privile... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2024-56365

    PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendor/php... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Jan. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2024-56366

    PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phpspread... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Jan. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-52724

    ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.... Read more

    Affected Products : zzcms
    • Published: Dec. 02, 2024
    • Modified: Apr. 21, 2025

  • 6.8

    MEDIUM
    CVE-2024-42195

    HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.... Read more

    Affected Products : hcl_launch hcl_devops_deploy
    • Published: Dec. 05, 2024
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2024-35241

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be ... Read more

    Affected Products : composer
    • Published: Jun. 10, 2024
    • Modified: Apr. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-46832

    Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The pat... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 21, 2025

  • 7.0

    HIGH
    CVE-2022-46689

    A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execut... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-46634

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-46631

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2022-42863

    A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code executi... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42862

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2022-42861

    This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 7.1

    HIGH
    CVE-2022-42855

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.6

    HIGH
    CVE-2022-42844

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.6

    HIGH
    CVE-2022-42843

    This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42825

    This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file sy... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42824

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.... Read more

    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025
Showing 20 of 293425 Results