Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-3173

    A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injectio...

    • Published: Apr. 03, 2025
    • Modified: May. 18, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-37880

    In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. In the case seen it ...

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 18, 2025
    • Vuln Type: Race Condition
  • 0.0

    NA
    CVE-2025-37821

    In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes resul...

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: May. 18, 2025
    • Vuln Type: Memory Corruption
  • 4.5

    MEDIUM
    CVE-2025-47203

    dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used....

    Affected Products : dropbear_ssh
    • Published: May. 07, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-4331

    A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The...

    Affected Products : online_student_clearance_system
    • Published: May. 06, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2023-1061

    A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql inj...

    • EPSS Score: %0.05
    • Published: Feb. 27, 2023
    • Modified: May. 17, 2025
  • 8.8

    HIGH
    CVE-2023-1059

    A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads ...

    • EPSS Score: %0.05
    • Published: Feb. 27, 2023
    • Modified: May. 17, 2025
  • 9.9

    CRITICAL
    CVE-2025-2605

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Hon...

    • Published: May. 02, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-22458

    DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System....

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-9305

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having ...

    Affected Products : apppresser
    • Published: Oct. 16, 2024
    • Modified: May. 17, 2025
  • 4.6

    MEDIUM
    CVE-2024-57776

    A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-57774

    A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
  • 4.8

    MEDIUM
    CVE-2024-57773

    A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-57771

    A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2024-57772

    A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-12587

    The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : contact_form_master
    • Published: Jan. 11, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-12715

    The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : asgard_security_scanner
    • Published: Jan. 09, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-12714

    The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : backlink_monitoring_manager
    • Published: Jan. 09, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2024-10568

    The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

    Affected Products : ajax_search
    • Published: Dec. 12, 2024
    • Modified: May. 17, 2025
  • 4.8

    MEDIUM
    CVE-2024-10518

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as a...

    Affected Products : profilepress
    • Published: Dec. 12, 2024
    • Modified: May. 17, 2025
Showing 20 of 291867 Results