Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2022-48740

    In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller f...

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-13553

    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a...

    Affected Products : sms_alert_order_notifications
    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-3121

    A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been d...

    Affected Products : pytorch
    • Published: Apr. 02, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2024-43151

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/...

    • Published: Aug. 12, 2024
    • Modified: May. 27, 2025
  • 7.1

    HIGH
    CVE-2024-43156

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS. This issue affects Post Grid Master: from n/a through 3.4.10....

    Affected Products : post_grid_master
    • Published: Aug. 12, 2024
    • Modified: May. 27, 2025
  • 4.8

    MEDIUM
    CVE-2024-6724

    The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : magic_post_thumbnail
    • Published: Aug. 13, 2024
    • Modified: May. 27, 2025
  • 6.4

    MEDIUM
    CVE-2025-32951

    Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type he...

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.2

    HIGH
    CVE-2022-40262

    A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (...

    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 9.1

    CRITICAL
    CVE-2022-40186

    An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to th...

    Affected Products : vault
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-38916

    A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files...

    Affected Products : pagekit
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 5.4

    MEDIUM
    CVE-2022-38550

    A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jeesns
    • Published: Sep. 19, 2022
    • Modified: May. 27, 2025
  • 6.5

    MEDIUM
    CVE-2022-38512

    The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XL...

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-37204

    Final CMS 5.1.0 is vulnerable to SQL Injection....

    Affected Products : jfinal_cms
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 6.1

    MEDIUM
    CVE-2022-28982

    A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag....

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2022-28981

    Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter....

    Affected Products : liferay_portal
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 6.1

    MEDIUM
    CVE-2022-28980

    Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix....

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 8.2

    HIGH
    CVE-2022-26873

    A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (...

    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2024-38749

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a through 1.1.2....

    Affected Products : olive_one_click_demo_import
    • Published: Aug. 13, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-6460

    The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in tho...

    Affected Products : grow
    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-42639

    H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root....

    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025
Showing 20 of 293425 Results