Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-4099

    The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products : list_children
    • Published: May. 01, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-21610

    An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled Co... Read more

    Affected Products : junos mx10 mx104 mx2010 mx2020 mx240 mx40 mx480 mx80 mx960 +11 more products
    • Published: Apr. 12, 2024
    • Modified: May. 19, 2025

  • 8.8

    HIGH
    CVE-2024-12950

    A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The at... Read more

    • Published: Dec. 26, 2024
    • Modified: May. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-3173

    A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injectio... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 18, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-37880

    In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. In the case seen it ... Read more

    Affected Products : linux_kernel
    • Published: May. 09, 2025
    • Modified: May. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37821

    In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes resul... Read more

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: May. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.5

    MEDIUM
    CVE-2025-47203

    dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.... Read more

    Affected Products : dropbear_ssh
    • Published: May. 07, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4331

    A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 06, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-1061

    A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql inj... Read more

    • EPSS Score: %0.05
    • Published: Feb. 27, 2023
    • Modified: May. 17, 2025

  • 8.8

    HIGH
    CVE-2023-1059

    A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads ... Read more

    • EPSS Score: %0.05
    • Published: Feb. 27, 2023
    • Modified: May. 17, 2025

  • 9.9

    CRITICAL
    CVE-2025-2605

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Hon... Read more

    • Published: May. 02, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-22458

    DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-9305

    The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having ... Read more

    Affected Products : apppresser
    • Published: Oct. 16, 2024
    • Modified: May. 17, 2025

  • 4.6

    MEDIUM
    CVE-2024-57776

    A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-57774

    A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-57773

    A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-57771

    A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-57772

    A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12587

    The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : contact_form_master
    • Published: Jan. 11, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12715

    The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : asgard_security_scanner
    • Published: Jan. 09, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292495 Results