Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-29015

    Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2022-42830

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 9.6

    CRITICAL
    CVE-2022-40004

    Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.... Read more

    Affected Products : thingsboard
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2025-0436

    Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-57760

    JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.... Read more

    Affected Products : jeewms
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0434

    Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-0435

    Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : android chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 2.5

    LOW
    CVE-2025-32408

    In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.... Read more

    Affected Products : iam
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2022-42842

    The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 7.8

    HIGH
    CVE-2022-42841

    A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution.... Read more

    Affected Products : macos
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 7.8

    HIGH
    CVE-2022-42840

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-42837

    An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 6.4

    MEDIUM
    CVE-2022-42832

    A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 6.4

    MEDIUM
    CVE-2022-42831

    A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42821

    A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.... Read more

    Affected Products : macos
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 7.8

    HIGH
    CVE-2022-42805

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.3

    HIGH
    CVE-2024-56409

    PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspreadsh... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Jan. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-20151

    In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID:... Read more

    Affected Products : nr16 nr17 mt6789 mt6813 mt6835 mt6855 mt6878 mt6879 mt6886 mt6895 +23 more products
    • Published: Jan. 06, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2024-20152

    In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pat... Read more

    Affected Products : android openwrt yocto mt6835 mt6878 mt6886 mt6897 mt6990 mt8766 mt8768 +14 more products
    • Published: Jan. 06, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-56828

    File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method f... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Jan. 06, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293505 Results