Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-40250

    An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code i... Read more

    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 7.2

    HIGH
    CVE-2022-40246

    A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discover... Read more

    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2022-39974

    WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h.... Read more

    Affected Products : wasm3
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2022-37259

    A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.... Read more

    Affected Products : steal
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 10.0

    CRITICAL
    CVE-2025-32444

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization o... Read more

    Affected Products : vllm
    • Published: Apr. 30, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-25775

    Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.... Read more

    Affected Products : bus_ticket_booking_system
    • Published: Apr. 25, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2023-44855

    Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.... Read more

    • Published: Apr. 12, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-1752

    The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : font_farsi
    • Published: Apr. 08, 2024
    • Modified: May. 28, 2025

  • 7.2

    HIGH
    CVE-2024-29686

    Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only ... Read more

    Affected Products : winter
    • Published: Mar. 29, 2024
    • Modified: May. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-29776

    Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. ... Read more

    Affected Products : eventprime
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-29272

    Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.... Read more

    Affected Products : vvvebjs
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-25168

    SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.... Read more

    Affected Products : snow
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2024-28559

    SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.... Read more

    Affected Products : b2b2c_multi-business
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-28560

    SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.... Read more

    Affected Products : b2b2c_multi-business niushop
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-30187

    Anope before 2.0.15 does not prevent resetting the password of a suspended account.... Read more

    Affected Products : anope
    • Published: Mar. 25, 2024
    • Modified: May. 28, 2025

  • 7.3

    HIGH
    CVE-2024-2864

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5. ... Read more

    Affected Products : youzify
    • Published: Mar. 25, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-25807

    Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.... Read more

    Affected Products : lychee
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-26557

    Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.... Read more

    Affected Products : codiad
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 8.3

    HIGH
    CVE-2024-25808

    Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.... Read more

    Affected Products : lychee
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-29271

    Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.... Read more

    Affected Products : vvvebjs
    • Published: Mar. 22, 2024
    • Modified: May. 28, 2025
Showing 20 of 293302 Results