Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-2834

    The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depe... Read more

    Affected Products : helpful
    • EPSS Score: %0.67
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2022-2630

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2022-2592

    A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or w... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2022-2574

    The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : meks_easy_social_share
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2022-2563

    The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in... Read more

    Affected Products : tutor_lms
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 7.4

    HIGH
    CVE-2022-2533

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Packa... Read more

    Affected Products : gitlab
    • EPSS Score: %0.03
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2022-2527

    An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacke... Read more

    Affected Products : gitlab
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2022-2455

    A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 7.3

    HIGH
    CVE-2022-2428

    A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests... Read more

    Affected Products : gitlab
    • EPSS Score: %0.10
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2022-28291

    Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Pr... Read more

    Affected Products : nessus
    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2022-25750

    Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile... Read more

    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 13, 2025

  • 8.4

    HIGH
    CVE-2022-25723

    Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile... Read more

    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-2658

    A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the file /search-request.php. The manipulation of the argument searchdata lea... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2663

    A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument searchinput lead... Read more

    Affected Products : bank_locker_management_system
    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-2664

    A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. The attack may be... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4311

    A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of the argument stopic_id leads to sql inje... Read more

    Affected Products : content_management_system
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2024-13124

    The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : photo_gallery
    • Published: Mar. 24, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4298

    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. ... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4299

    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. Th... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44074

    SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.... Read more

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
Showing 20 of 291638 Results