Latest CVE Feed
-
8.8
HIGH CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Affected Products : endpoint_manager_mobile
- Actively Exploited
- Published: May. 13, 2025
- Modified: May. 21, 2025
- Vuln Type: Authentication
-
9.8
CRITICAL CVE-2025-2060
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to SQL injection. It...
Affected Products : emergency_ambulance_hiring_portal
- Published: Mar. 07, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
6.1
MEDIUM CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail u...
- Actively Exploited
- Published: Nov. 15, 2024
- Modified: May. 21, 2025
-
6.1
MEDIUM CVE-2024-27443
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the c...
Affected Products : collaboration
- Actively Exploited
- Published: Aug. 12, 2024
- Modified: May. 21, 2025
-
6.4
MEDIUM CVE-2024-13805
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitizat...
Affected Products : advanced_file_manager
- Published: Mar. 07, 2025
- Modified: May. 21, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
Affected Products : biotime
- Actively Exploited
- Published: Aug. 03, 2023
- Modified: May. 21, 2025
-
7.8
HIGH CVE-2019-1064
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then insta...
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows_10_1607 windows_10_1809 windows windows_10_1703 windows_10_1709 windows_10_1803 +4 more products
- Actively Exploited
- Published: Jun. 12, 2019
- Modified: May. 21, 2025
-
7.8
HIGH CVE-2019-1069
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerabilit...
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows_10_1607 windows_10_1809 windows_10_1507 windows windows_10_1703 windows_10_1709 +4 more products
- Actively Exploited
- Published: Jun. 12, 2019
- Modified: May. 21, 2025
-
7.5
HIGH CVE-2024-31841
An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
Affected Products : embrace
- Published: Apr. 19, 2024
- Modified: May. 21, 2025
-
7.5
HIGH CVE-2024-31846
An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Affected Products : embrace
- Published: Apr. 19, 2024
- Modified: May. 21, 2025
-
5.3
MEDIUM CVE-2024-31845
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker,...
Affected Products : embrace
- Published: May. 21, 2024
- Modified: May. 21, 2025
-
4.1
MEDIUM CVE-2024-31843
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.
Affected Products : embrace
- Published: May. 23, 2024
- Modified: May. 21, 2025
-
5.4
MEDIUM CVE-2024-27752
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.
Affected Products : csz_cms
- Published: Apr. 19, 2024
- Modified: May. 21, 2025
-
7.2
HIGH CVE-2022-40928
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.
Affected Products : online_leave_management_system
- Published: Sep. 26, 2022
- Modified: May. 21, 2025
-
7.2
HIGH CVE-2022-40925
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.
- Published: Sep. 26, 2022
- Modified: May. 21, 2025
-
7.2
HIGH CVE-2022-40924
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
- Published: Sep. 26, 2022
- Modified: May. 21, 2025
-
9.8
CRITICAL CVE-2022-40116
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.
Affected Products : online_banking_system
- Published: Sep. 23, 2022
- Modified: May. 21, 2025
-
9.8
CRITICAL CVE-2022-40115
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.
Affected Products : online_banking_system
- Published: Sep. 23, 2022
- Modified: May. 21, 2025
-
9.8
CRITICAL CVE-2022-40114
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.
Affected Products : online_banking_system
- Published: Sep. 23, 2022
- Modified: May. 21, 2025
-
8.8
HIGH CVE-2022-3200
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Published: Sep. 26, 2022
- Modified: May. 21, 2025