Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.4

    HIGH
    CVE-2025-27088

    oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to sessio...

    Affected Products : s3-proxy
    • Published: Feb. 20, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2024-45818

    The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. Th...

    Affected Products : xen
    • Published: Dec. 19, 2024
    • Modified: May. 20, 2025
  • 7.8

    HIGH
    CVE-2022-41975

    RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode....

    Affected Products : vnc_server windows vnc_viewer
    • EPSS Score: %0.04
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-41606

    HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0....

    Affected Products : nomad
    • EPSS Score: %0.30
    • Published: Oct. 12, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-41550

    GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header....

    Affected Products : osip
    • EPSS Score: %0.16
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41532

    Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan....

    • EPSS Score: %0.13
    • Published: Oct. 12, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-41204

    An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allow...

    Affected Products : commerce
    • EPSS Score: %0.37
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-40943

    Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file....

    Affected Products : dairy_farm_shop_management_system
    • EPSS Score: %0.26
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-40923

    A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file....

    Affected Products : lief
    • EPSS Score: %0.09
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-40756

    If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to rem...

    Affected Products : psql zen
    • EPSS Score: %0.23
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-40341

    mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file....

    Affected Products : mojoportal
    • EPSS Score: %0.76
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-35156

    Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.....

    • EPSS Score: %0.08
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-21222

    The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse f...

    Affected Products : css-what
    • EPSS Score: %0.21
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 8.5

    HIGH
    CVE-2025-30417

    There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful ex...

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2025-30418

    There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation r...

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2025-30419

    There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful e...

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2025-30420

    There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful expl...

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2025-30421

    There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code executio...

    Affected Products : circuit_design_suite
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Memory Corruption
  • 4.4

    MEDIUM
    CVE-2024-36950

    In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_...

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2024-36941

    In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here....

    Affected Products : linux_kernel debian_linux
    • Published: May. 30, 2024
    • Modified: May. 20, 2025
Showing 20 of 292275 Results