Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2022-42844

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 8.6

    HIGH
    CVE-2022-42843

    This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42825

    This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file sy... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42824

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.... Read more

    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2022-42823

    A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.... Read more

    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-40002

    Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.... Read more

    Affected Products : feehicms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-40001

    Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.... Read more

    Affected Products : feehicms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-40000

    Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.... Read more

    Affected Products : feehicms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-32945

    An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-32943

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 7.8

    HIGH
    CVE-2022-32942

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-56521

    An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 7.5

    HIGH
    CVE-2024-56519

    An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-50713

    SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.... Read more

    Affected Products : smart_agent
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 7.5

    HIGH
    CVE-2024-50715

    An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component.... Read more

    Affected Products : smart_agent
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-50716

    SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component.... Read more

    Affected Products : smart_agent
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 5.3

    MEDIUM
    CVE-2024-45440

    core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.... Read more

    Affected Products : drupal
    • Published: Aug. 29, 2024
    • Modified: Apr. 21, 2025

  • 6.9

    MEDIUM
    CVE-2024-0545

    A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Jan. 15, 2024
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-46702

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-46695

    A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that f... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025
Showing 20 of 293510 Results