Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-7082

    The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.

    Affected Products : easy_table_of_contents
    • Published: Aug. 06, 2024
    • Modified: May. 28, 2025
  • 4.8

    MEDIUM
    CVE-2024-7084

    The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.

    Affected Products : ajax_search ajax_search
    • Published: Aug. 06, 2024
    • Modified: May. 28, 2025
  • 4.8

    MEDIUM
    CVE-2024-3973

    The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : house_manager
    • Published: Aug. 07, 2024
    • Modified: May. 28, 2025
  • 4.8

    MEDIUM
    CVE-2024-6481

    The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...

    Affected Products : search_&_filter
    • Published: Aug. 08, 2024
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2024-7704

    A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosu...

    Affected Products : e-cology
    • Published: Aug. 12, 2024
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-3242

    A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attac...

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-3211

    A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possi...

    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-4501

    A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. This affects the function searchalbum of the component Search Albums. The manipulation leads to stack-based buffer overflow. Local access is require...

    Affected Products : album_management_system
    • Published: May. 10, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-4499

    A vulnerability classified as critical was found in code-projects Simple Hospital Management System 1.0. Affected by this vulnerability is the function Add of the component Add Information. The manipulation of the argument x[i].name/x[i].disease leads to ...

    Affected Products : simple_hospital_management_system
    • Published: May. 10, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-4498

    A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is po...

    Affected Products : simple_bus_reservation_system
    • Published: May. 10, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-57698

    An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the...

    Affected Products : modernwms
    • Published: Apr. 29, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-46560

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The co...

    Affected Products : vllm
    • Published: Apr. 30, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service
  • 8.2

    HIGH
    CVE-2022-40261

    An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code i...

    • EPSS Score: %0.03
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-40250

    An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code i...

    • EPSS Score: %0.18
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 7.2

    HIGH
    CVE-2022-40246

    A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discover...

    • EPSS Score: %0.02
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2022-39974

    WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h.

    Affected Products : wasm3
    • EPSS Score: %0.12
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2022-37259

    A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.

    Affected Products : steal
    • EPSS Score: %0.10
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 10.0

    CRITICAL
    CVE-2025-32444

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization o...

    Affected Products : vllm
    • Published: Apr. 30, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-25775

    Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.

    Affected Products : bus_ticket_booking_system
    • Published: Apr. 25, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2023-44855

    Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.

    • Published: Apr. 12, 2024
    • Modified: May. 28, 2025
Showing 20 of 291737 Results