Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-2734

    A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possibl... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2735

    A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument sertitle leads to ... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2736

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate leads to s... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2024-10472

    The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : stylish_price_list
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-10554

    The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : wp-advanced-search
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2022-42080

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.12
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-42079

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.12
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42078

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42077

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-41403

    OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2022-38388

    IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.... Read more

    Affected Products : navigator_mobile
    • EPSS Score: %0.02
    • Published: Oct. 11, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-28887

    Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.... Read more

    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 7.1

    HIGH
    CVE-2022-25665

    Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile... Read more

    • EPSS Score: %0.04
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 6.2

    MEDIUM
    CVE-2022-25664

    Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2022-25663

    Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity... Read more

    • EPSS Score: %0.10
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-25662

    Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • EPSS Score: %0.27
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 8.4

    HIGH
    CVE-2022-22077

    Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile... Read more

    • EPSS Score: %0.08
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2021-36369

    An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass ad... Read more

    Affected Products : debian_linux dropbear_ssh
    • EPSS Score: %0.11
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-10703

    The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-11272

    The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ... Read more

    Affected Products : contact_form pirate_forms
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291750 Results