Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-3537

    A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is ... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3536

    A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper author... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-47616

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Imran aBlocks allows Stored XSS.This issue affects aBlocks: from n/a through 1.9.2.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-24488

    An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.... Read more

    Affected Products : cp3_firmware cp3
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 7.2

    HIGH
    CVE-2024-24399

    An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.... Read more

    Affected Products : leptoncms
    • Published: Jan. 25, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-24388

    Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.... Read more

    Affected Products : xunruicms
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-24311

    Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.... Read more

    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-24266

    gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.... Read more

    Affected Products : gpac
    • Published: Feb. 05, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-24258

    freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.... Read more

    Affected Products : mupdf
    • Published: Feb. 05, 2024
    • Modified: Jun. 05, 2025

  • 4.2

    MEDIUM
    CVE-2024-24254

    PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofenc... Read more

    Affected Products : px4_drone_autopilot
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-24135

    Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.... Read more

    • Published: Jan. 29, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-24131

    SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.... Read more

    Affected Products : superwebmailer
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-24019

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 07, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-24014

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-22027

    Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.... Read more

    Affected Products : quiz_maker
    • Published: Jan. 12, 2024
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-39151

    A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versio... Read more

    Affected Products : parasolid simcenter_femap
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-34699

    Windows Win32k Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-34696

    Windows Hyper-V Remote Code Execution Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2022-34692

    Microsoft Exchange Server Information Disclosure Vulnerability... Read more

    Affected Products : exchange_server
    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2022-34691

    Active Directory Domain Services Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025
Showing 20 of 292763 Results