Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-43968

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.56
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2022-43967

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.56
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2022-43695

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist ... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.55
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025

  • 5.5

    MEDIUM
    CVE-2022-43295

    XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.... Read more

    Affected Products : xpdf
    • EPSS Score: %0.06
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025

  • 7.5

    HIGH
    CVE-2022-42060

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.23
    • Published: Nov. 15, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-41544

    GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.... Read more

    Affected Products : getsimple_cms getsimplecms
    • EPSS Score: %64.32
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2022-2908

    A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specia... Read more

    Affected Products : gitlab
    • EPSS Score: %0.04
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 5.3

    MEDIUM
    CVE-2022-2834

    The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depe... Read more

    Affected Products : helpful
    • EPSS Score: %0.67
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2022-2630

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2022-2592

    A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or w... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2022-2574

    The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : meks_easy_social_share
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2022-2563

    The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in... Read more

    Affected Products : tutor_lms
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 7.4

    HIGH
    CVE-2022-2533

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Packa... Read more

    Affected Products : gitlab
    • EPSS Score: %0.03
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2022-2527

    An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacke... Read more

    Affected Products : gitlab
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2022-2455

    A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 7.3

    HIGH
    CVE-2022-2428

    A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests... Read more

    Affected Products : gitlab
    • EPSS Score: %0.10
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.5

    MEDIUM
    CVE-2022-28291

    Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Pr... Read more

    Affected Products : nessus
    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2022-25750

    Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile... Read more

    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 13, 2025

  • 8.4

    HIGH
    CVE-2022-25723

    Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile... Read more

    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-2658

    A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the file /search-request.php. The manipulation of the argument searchdata lea... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
Showing 20 of 291641 Results