Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41197

    An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-41198

    An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2024-41199

    An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2021-29505

    XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. ... Read more

    • EPSS Score: %90.77
    • Published: May. 28, 2021
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2021-21265

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS in... Read more

    Affected Products : october
    • EPSS Score: %0.47
    • Published: Mar. 10, 2021
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-47497

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepoints Logo Showcase allows DOM-Based XSS. This issue affects Logo Showcase: from n/a through 3.0.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2020-15187

    In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causin... Read more

    Affected Products : helm
    • EPSS Score: %0.33
    • Published: Sep. 17, 2020
    • Modified: May. 29, 2025

  • 5.1

    MEDIUM
    CVE-2025-30224

    MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information ... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-39349

    Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0.... Read more

    Affected Products : ciyashop
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-39348

    Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.... Read more

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-34715

    Windows Network File System Remote Code Execution Vulnerability... Read more

    Affected Products : windows_server_2022
    • EPSS Score: %58.37
    • Published: Aug. 09, 2022
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2022-34714

    Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %1.03
    • Published: Aug. 09, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-34712

    Windows Defender Credential Guard Information Disclosure Vulnerability... Read more

    • EPSS Score: %4.76
    • Published: Aug. 09, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-34710

    Windows Defender Credential Guard Information Disclosure Vulnerability... Read more

    • EPSS Score: %4.68
    • Published: Aug. 09, 2022
    • Modified: May. 29, 2025

  • 6.0

    MEDIUM
    CVE-2022-34709

    Windows Defender Credential Guard Security Feature Bypass Vulnerability... Read more

    • EPSS Score: %3.08
    • Published: Aug. 09, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-34708

    Windows Kernel Information Disclosure Vulnerability... Read more

    • EPSS Score: %3.88
    • Published: Aug. 09, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-32928

    Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2.... Read more

    Affected Products : altair
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-32927

    Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection.This issue affects FoodBakery: from n/a through 3.3.... Read more

    Affected Products : foodbakery
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-48256

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events allows Stored XSS. This issue affects Import Social Events: from n/a through 1.8.5.... Read more

    Affected Products : import_social_events
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48254

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Change Add to Cart Button Text for WooCommerce allows Stored XSS. This issue affects Change Add to Cart Button Text for WooCommerce: from n/a t... Read more

    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291779 Results