Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-47893

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2022-42235

    A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form.... Read more

    Affected Products : student_clearance_system
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 7.2

    HIGH
    CVE-2022-42230

    Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.... Read more

    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 8.8

    HIGH
    CVE-2022-42229

    Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.... Read more

    Affected Products : wedding_planner
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42044

    The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-asns
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42043

    The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-xml
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42042

    The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-networking
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42041

    The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-file-system
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42040

    The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-algorithms
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42039

    The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-lists
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42038

    The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-ip-addresses
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 7.2

    HIGH
    CVE-2022-41530

    Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.... Read more

    • Published: Oct. 12, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-41408

    Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.... Read more

    Affected Products : online_pet_shop_we_app
    • Published: Oct. 12, 2022
    • Modified: May. 19, 2025

  • 7.2

    HIGH
    CVE-2022-41407

    Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.... Read more

    Affected Products : online_pet_shop_we_app
    • Published: Oct. 12, 2022
    • Modified: May. 19, 2025

  • 8.1

    HIGH
    CVE-2024-4757

    The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : logo_manager_for_enamad
    • Published: Jun. 25, 2024
    • Modified: May. 19, 2025

  • 6.1

    MEDIUM
    CVE-2024-4900

    The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post... Read more

    Affected Products : seopress
    • Published: Jun. 24, 2024
    • Modified: May. 19, 2025

  • 5.0

    MEDIUM
    CVE-2024-4899

    The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : seopress
    • Published: Jun. 24, 2024
    • Modified: May. 19, 2025

  • 6.5

    MEDIUM
    CVE-2024-5522

    The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks... Read more

    Affected Products : html5_video_player
    • Published: Jun. 20, 2024
    • Modified: May. 19, 2025

  • 5.9

    MEDIUM
    CVE-2024-5573

    The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : easy_table_of_contents
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025

  • 4.0

    MEDIUM
    CVE-2024-5473

    The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : simple_photoswipe
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025
Showing 20 of 292801 Results