Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-47965

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2022-47915

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2022-46710

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2022-42816

    A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2020-26628

    A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by ... Read more

    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2025-47947

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's con... Read more

    Affected Products : modsecurity modsecurity
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-46919

    An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-48883

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malforme... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-48070

    Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with anot... Read more

    Affected Products : plane
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-5080

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possibl... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 22, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5109

    A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component STATUS Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi... Read more

    • Published: May. 23, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-46920

    An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-46921

    An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedur... Read more

    • Published: Jan. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2024-13618

    The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.... Read more

    • Published: Mar. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-10272

    lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token.... Read more

    Affected Products : lunary
    • Published: Mar. 20, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2024-13617

    The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server... Read more

    • Published: Mar. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2025-2784

    A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.... Read more

    • Published: Apr. 03, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-5886

    A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiate... Read more

    Affected Products : emlog
    • Published: Jun. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5978

    A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to l... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-48013

    Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.... Read more

    Affected Products : drupal quick_node_block
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization
Showing 20 of 293620 Results