Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.4

    LOW
    CVE-2022-41597

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41595

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 8.8

    HIGH
    CVE-2022-3158

    Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information f... Read more

    Affected Products : factorytalk_vantagepoint
    • EPSS Score: %0.35
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2025-4023

    A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to sql injection. The attack may... Read more

    Affected Products : placement_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2015-2079

    Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.... Read more

    Affected Products : usermin usermin
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2022-41871

    SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.... Read more

    Affected Products : seppmail
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2024-57439

    An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-57438

    Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-57437

    RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-57436

    RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.... Read more

    Affected Products : ruoyi
    • Published: Jan. 29, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2024-54762

    Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.... Read more

    Affected Products : ruoyi
    • Published: Jan. 09, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-42900

    Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.... Read more

    Affected Products : ruoyi
    • Published: Aug. 28, 2024
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2024-6511

    A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cros... Read more

    Affected Products : ruoyi
    • Published: Jul. 04, 2024
    • Modified: May. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-9355

    A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between... Read more

    • Published: Oct. 01, 2024
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2024-24981

    Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.... Read more

    Affected Products : server_board_s2600bp_firmware
    • Published: May. 16, 2024
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2024-29400

    An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.... Read more

    Affected Products : ruoyi
    • Published: Apr. 12, 2024
    • Modified: May. 14, 2025

  • 6.8

    MEDIUM
    CVE-2024-2907

    The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exam... Read more

    Affected Products : absolutely_glamorous_custom_admin
    • Published: Apr. 25, 2024
    • Modified: May. 14, 2025

  • 5.5

    MEDIUM
    CVE-2024-3048

    The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators... Read more

    Affected Products : bannerlid
    • Published: Apr. 26, 2024
    • Modified: May. 14, 2025

  • 6.3

    MEDIUM
    CVE-2024-3188

    The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributo... Read more

    Affected Products : shortcodes_ultimate
    • Published: Apr. 26, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2023-5971

    The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : save_as_pdf
    • Published: May. 14, 2024
    • Modified: May. 14, 2025
Showing 20 of 291672 Results