Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-42715

    A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.... Read more

    Affected Products : redcap
    • EPSS Score: %0.17
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 9.6

    CRITICAL
    CVE-2022-42711

    In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.... Read more

    Affected Products : whatsup_gold
    • EPSS Score: %0.22
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-42161

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.... Read more

    • EPSS Score: %1.92
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42087

    Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 3.8

    LOW
    CVE-2024-5030

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-52317

    Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 ... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-52318

    Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-46055

    OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10473

    The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripti... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10493

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is... Read more

    Affected Products : element_pack
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10896

    The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-43118

    Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.... Read more

    Affected Products : hummingbird hummingbird
    • Published: Nov. 01, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-10027

    The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : wp_booking_calendar
    • Published: Nov. 07, 2024
    • Modified: May. 15, 2025

  • 5.9

    MEDIUM
    CVE-2024-20926

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: ... Read more

    • EPSS Score: %0.27
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42906

    powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, c... Read more

    Affected Products : debian_linux powerline_gitstatus
    • EPSS Score: %0.07
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-42902

    In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code ... Read more

    Affected Products : debian_linux lava
    • EPSS Score: %0.30
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42163

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 8.0

    HIGH
    CVE-2024-45772

    Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.repli... Read more

    Affected Products : lucene lucene_replicator
    • Published: Sep. 30, 2024
    • Modified: May. 15, 2025

  • 7.6

    HIGH
    CVE-2025-3744

    Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.... Read more

    Affected Products : nomad
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-7982

    The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    • Published: Nov. 08, 2024
    • Modified: May. 15, 2025
Showing 20 of 291784 Results