Latest CVE Feed
- CVE-2023-50976 (9.8 CRITICAL)
  Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.
  - Affected Products: redpanda
  - Published: Dec. 18, 2023
  - Modified: May 20, 2025
- CVE-2022-41870 (7.2 HIGH)
  AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
  - Affected Products: innovaphone_firmware
  - Published: Sep. 30, 2022
  - Modified: May 20, 2025
- CVE-2022-40408 (5.4 MEDIUM)
  FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.
  - Affected Products: feehicms
  - Published: Sep. 29, 2022
  - Modified: May 20, 2025
- CVE-2022-40314 (9.8 CRITICAL)
  A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
  - Affected Products: moodle
  - Published: Sep. 30, 2022
  - Modified: May 20, 2025
- CVE-2022-40313 (7.1 HIGH)
  Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
  - Published: Sep. 30, 2022
  - Modified: May 20, 2025
- CVE-2022-40277 (7.8 HIGH)
  Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of ex...
  - Published: Sep. 30, 2022
  - Modified: May 20, 2025
- CVE-2022-40274 (7.8 HIGH)
  Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.
  - Published: Sep. 30, 2022
  - Modified: May 20, 2025
- CVE-2022-1959 (6.6 MEDIUM)
  AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
  - Affected Products: applock
  - Published: Sep. 30, 2022
  - Modified: May 20, 2025
- CVE-2024-37131 (9.8 CRITICAL)
  SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the applica...
  - Published: Jun. 13, 2024
  - Modified: May 20, 2025
- CVE-2024-24903 (8.0 HIGH)
  Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access t...
  - Published: Mar. 01, 2024
  - Modified: May 20, 2025
- CVE-2024-24904 (7.6 HIGH)
  Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...
  - Published: Mar. 01, 2024
  - Modified: May 20, 2025
- CVE-2024-24906 (7.6 HIGH)
  Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of mal...
  - Published: Mar. 01, 2024
  - Modified: May 20, 2025
- CVE-2024-24900 (7.3 HIGH)
  Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. E...
  - Published: Mar. 01, 2024
  - Modified: May 20, 2025
- CVE-2024-24905 (7.6 HIGH)
  Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...
  - Published: Mar. 01, 2024
  - Modified: May 20, 2025
- CVE-2024-24907 (7.6 HIGH)
  Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage o...
  - Published: Mar. 01, 2024
  - Modified: May 20, 2025
- CVE-2024-5713 (5.4 MEDIUM)
  The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
  - Published: Jul. 13, 2024
  - Modified: May 20, 2025
- CVE-2024-5715 (7.1 HIGH)
  The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
  - Affected Products: wp_emember
  - Published: Jul. 13, 2024
  - Modified: May 20, 2025
- CVE-2024-6231 (5.9 MEDIUM)
  The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
  - Affected Products: request_a_quote
  - Published: Jul. 23, 2024
  - Modified: May 20, 2025
- CVE-2023-4724 (7.2 HIGH)
  The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server...
  - Published: Dec. 18, 2023
  - Modified: May 20, 2025
- CVE-2022-41406 (7.2 HIGH)
  An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
  - Affected Products: church_management_system
  - Published: Oct. 12, 2022
  - Modified: May 20, 2025