Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-33342

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.... Read more

    • Published: Apr. 26, 2024
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2025-4926

    A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrest... Read more

    Affected Products : car_rental_portal
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4927

    A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate lea... Read more

    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2023-49575

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_sm... Read more

    Affected Products : vx_search
    • Published: May. 24, 2024
    • Modified: May. 21, 2025

  • 7.1

    HIGH
    CVE-2023-49572

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_passwor... Read more

    Affected Products : vx_search
    • Published: May. 24, 2024
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2024-7253

    NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileg... Read more

    Affected Products : nomachine
    • Published: Nov. 22, 2024
    • Modified: May. 21, 2025

  • 7.7

    HIGH
    CVE-2024-47939

    Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary c... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2022-40912

    ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTM... Read more

    Affected Products : etap_safety_manager
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 3.3

    LOW
    CVE-2022-40708

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain th... Read more

    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-3193

    An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.... Read more

    Affected Products : virtualization ovirt-engine
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 6.4

    MEDIUM
    CVE-2022-35722

    IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : jazz_for_service_management
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 6.5

    MEDIUM
    CVE-2022-35282

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-2778

    In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-24373

    The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.... Read more

    Affected Products : react_native_reanimated
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-22387

    IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session... Read more

    Affected Products : application_gateway
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2021-41434

    A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.... Read more

    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 4.6

    MEDIUM
    CVE-2025-22383

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could con... Read more

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-22384

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios w... Read more

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2024-6797

    The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-6719

    The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 292767 Results