Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-49168

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bio_endio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-a... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2022-3196

    Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.3

    HIGH
    CVE-2022-21169

    The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.... Read more

    Affected Products : express_xss_sanitizer
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-4785

    A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user-profile.php. The manipulation of the argument fullname/contactnumber leads to s... Read more

    Affected Products : daily_expense_tracker_system
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4793

    A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as critical. Affected is an unknown function of the file /edit-student-profile.php. The manipulation of the argument cgpa leads to sql injection. It is possible... Read more

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4794

    A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /news.php. The manipulation of the argument newstitle leads to sql injection. ... Read more

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4808

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical. This issue affects some unknown processing of the file /add-normal-ticket.php. The manipulation of the argument noadult/nochildren/aprice/cprice leads... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4772

    A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/department.php. The manipulation of the argument department leads to sql ... Read more

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2025-4781

    A vulnerability classified as critical has been found in PHPGurukul Park Ticketing Management System 2.0. Affected is an unknown function of the file /forgot-password.php. The manipulation of the argument email/contactno leads to sql injection. It is poss... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2473

    A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Sign In. The manipulation of the argument username leads... Read more

    Affected Products : company_visitor_management_system
    • Published: Mar. 18, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2024-7628

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verify_id_token' function. This makes i... Read more

    Affected Products : mstore_api
    • Published: Aug. 15, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-6328

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms... Read more

    Affected Products : mstore_api
    • Published: Jul. 12, 2024
    • Modified: May. 21, 2025

  • 6.3

    MEDIUM
    CVE-2025-1178

    A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launche... Read more

    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-1180

    A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to ini... Read more

    Affected Products : binutils
    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-1181

    A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated re... Read more

    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-1182

    A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch... Read more

    Affected Products : binutils
    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-48710

    In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-48712

    In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-48713

    In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-48714

    In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025
Showing 20 of 292764 Results