Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.2

    MEDIUM
    CVE-2024-45775

    A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will...

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
  • 6.7

    MEDIUM
    CVE-2024-45774

    A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure...

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2023-45892

    An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information....

    Affected Products : insight
    • EPSS Score: 1.01%
    • Published: Jan. 02, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2022-43968

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+....

    Affected Products : concrete_cms concrete5
    • EPSS Score: 0.56%
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2022-43967

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+....

    Affected Products : concrete_cms concrete5
    • EPSS Score: 0.56%
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025
  • 4.8

    MEDIUM
    CVE-2022-43695

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist ...

    Affected Products : concrete_cms concrete5
    • EPSS Score: 0.55%
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025
  • 5.5

    MEDIUM
    CVE-2022-43295

    XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795....

    Affected Products : xpdf
    • EPSS Score: 0.06%
    • Published: Nov. 14, 2022
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2022-42060

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data....

    Affected Products : w15e_firmware w15e
    • EPSS Score: 0.23%
    • Published: Nov. 15, 2022
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2022-41544

    GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php....

    Affected Products : getsimple_cms getsimplecms
    • EPSS Score: 64.32%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 4.3

    MEDIUM
    CVE-2022-2908

    A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specia...

    Affected Products : gitlab
    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 5.3

    MEDIUM
    CVE-2022-2834

    The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depe...

    Affected Products : helpful
    • EPSS Score: 0.67%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.3

    MEDIUM
    CVE-2022-2630

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events....

    Affected Products : gitlab
    • EPSS Score: 0.05%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-2592

    A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or w...

    Affected Products : gitlab
    • EPSS Score: 0.05%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.8

    MEDIUM
    CVE-2022-2574

    The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...

    Affected Products : meks_easy_social_share
    • EPSS Score: 0.12%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.8

    MEDIUM
    CVE-2022-2563

    The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

    Affected Products : tutor_lms
    • EPSS Score: 0.12%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 7.4

    HIGH
    CVE-2022-2533

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Packa...

    Affected Products : gitlab
    • EPSS Score: 0.03%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2022-2527

    An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacke...

    Affected Products : gitlab
    • EPSS Score: 0.17%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-2455

    A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user...

    Affected Products : gitlab
    • EPSS Score: 0.05%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 7.3

    HIGH
    CVE-2022-2428

    A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests...

    Affected Products : gitlab
    • EPSS Score: 0.10%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-28291

    Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Pr...

    Affected Products : nessus
    • EPSS Score: 0.09%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
Showing 20 of 291717 Results