Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2023-5858

    Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)...

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Nov. 01, 2023
    • Modified: Jun. 12, 2025
  • 6.1

    MEDIUM
    CVE-2023-5758

    When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119....

    Affected Products : firefox
    • Published: Oct. 25, 2023
    • Modified: Jun. 12, 2025
  • 7.5

    HIGH
    CVE-2023-46215

    Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is abo...

    Affected Products : airflow airflow_celery_provider
    • Published: Oct. 28, 2023
    • Modified: Jun. 12, 2025
  • 9.8

    CRITICAL
    CVE-2023-45498

    VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability....

    Affected Products : vinchin_backup_and_recovery
    • Published: Oct. 27, 2023
    • Modified: Jun. 12, 2025
  • 9.9

    CRITICAL
    CVE-2023-45163

    The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM pe...

    Affected Products : platform
    • Published: Nov. 06, 2023
    • Modified: Jun. 12, 2025
  • 9.9

    CRITICAL
    CVE-2023-45161

    The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM perm...

    Affected Products : platform
    • Published: Nov. 06, 2023
    • Modified: Jun. 12, 2025
  • 7.5

    HIGH
    CVE-2023-41752

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, wh...

    Affected Products : fedora traffic_server
    • Published: Oct. 17, 2023
    • Modified: Jun. 12, 2025
  • 6.5

    MEDIUM
    CVE-2023-41474

    Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component....

    Affected Products : avalanche
    • Published: Jan. 25, 2024
    • Modified: Jun. 12, 2025
  • 5.5

    MEDIUM
    CVE-2023-41077

    An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks....

    Affected Products : macos
    • Published: Oct. 25, 2023
    • Modified: Jun. 12, 2025
  • 4.4

    MEDIUM
    CVE-2023-40425

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information....

    Affected Products : macos
    • Published: Oct. 25, 2023
    • Modified: Jun. 12, 2025
  • 7.5

    HIGH
    CVE-2023-39456

    Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue....

    Affected Products : fedora traffic_server
    • Published: Oct. 17, 2023
    • Modified: Jun. 12, 2025
  • 2.7

    LOW
    CVE-2023-22113

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi...

    Affected Products : mysql oncommand_insight mysql_server
    • Published: Oct. 17, 2023
    • Modified: Jun. 12, 2025
  • 5.3

    MEDIUM
    CVE-2023-22067

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easil...

    • Published: Oct. 17, 2023
    • Modified: Jun. 12, 2025
  • 6.3

    MEDIUM
    CVE-2021-25736

    Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Cluste...

    Affected Products : kubernetes windows
    • Published: Oct. 30, 2023
    • Modified: Jun. 12, 2025
  • 4.8

    MEDIUM
    CVE-2024-11221

    The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_...

    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-11190

    The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...

    Affected Products : jwp-a11y
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-11141

    The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection, which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

    Affected Products : sailthru_triggermail
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-10818

    The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perf...

    Affected Products : jsfiddle_shortcode
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-10677

    The BTEV WordPress plugin through 2.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

    Affected Products : blue_trait_event_viewer
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.8

    MEDIUM
    CVE-2024-10639

    The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : auto_prune_posts
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting