Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2022-40616

    IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.

    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-40030

    SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.

    Affected Products : simple_task_managing_system
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 4.8

    MEDIUM
    CVE-2022-40029

    SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted pay...

    Affected Products : simple_task_managing_system
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 4.8

    MEDIUM
    CVE-2022-40028

    SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted pay...

    Affected Products : simple_task_managing_system
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 6.1

    MEDIUM
    CVE-2022-40027

    SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected...

    Affected Products : simple_task_managing_system
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 7.2

    HIGH
    CVE-2022-40026

    SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.

    Affected Products : simple_task_managing_system
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 7.2

    HIGH
    CVE-2022-37027

    Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an at...

    Affected Products : cloud_backup_suite
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 5.3

    MEDIUM
    CVE-2022-35621

    Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.

    Affected Products : evohclaimable
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 9.0

    CRITICAL
    CVE-2022-30578

    The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful at...

    Affected Products : ebx_add-ons
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 4.7

    MEDIUM
    CVE-2022-29800

    A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to repla...

    Affected Products : windows_defender_for_endpoint
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2021-4297

    A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unkn...

    Affected Products : jobe
    • Published: Jan. 01, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-5032

    A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch...

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-3160

    A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. T...

    Affected Products : assimp
    • Published: Apr. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-4919

    An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 1...

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-4918

    An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-4837

    A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possi...

    Affected Products : student_project_allocation_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2023-50771

    Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

    • Published: Dec. 13, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-4836

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injec...

    Affected Products : life_insurance_management_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.0

    HIGH
    CVE-2024-4291

    A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer ...

    Affected Products : ac15_firmware a301_firmware a301
    • Published: Apr. 27, 2024
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2025-4806

    A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument I...

    Affected Products : stock_management_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection