Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2022-41498

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php....

    Affected Products : billing_system
    • EPSS Score: 0.07%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.3

    MEDIUM
    CVE-2022-3325

    Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an...

    Affected Products : gitlab
    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.3

    MEDIUM
    CVE-2022-3293

    Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...

    Affected Products : gitlab
    • EPSS Score: 0.13%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-3291

    Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache...

    Affected Products : gitlab
    • EPSS Score: 0.16%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.3

    MEDIUM
    CVE-2022-3288

    A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected....

    Affected Products : gitlab
    • EPSS Score: 0.11%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 5.3

    MEDIUM
    CVE-2022-3286

    Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token...

    Affected Products : gitlab
    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2022-3283

    A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. While cloning an issue with special crafted content adde...

    Affected Products : gitlab
    • EPSS Score: 0.24%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.3

    MEDIUM
    CVE-2022-3282

    The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length lim...

    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-3279

    An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

    Affected Products : gitlab
    • EPSS Score: 0.07%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.2

    MEDIUM
    CVE-2022-3244

    The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

    • EPSS Score: 0.11%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-3082

    The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example...

    Affected Products : discord_integration
    • EPSS Score: 0.08%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2022-3067

    An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenti...

    Affected Products : gitlab
    • EPSS Score: 0.12%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 4.7

    MEDIUM
    CVE-2024-5575

    The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : ditty
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2024-29812

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. ...

    Affected Products : reviewx
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2024-29811

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. ...

    Affected Products : radio_player
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2024-29807

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. ...

    Affected Products : dearflip
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 7.1

    HIGH
    CVE-2024-29806

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. ...

    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 7.1

    HIGH
    CVE-2024-29805

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. ...

    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-5627

    The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks....

    Affected Products : tournamatch
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2025-22144

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved b...

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication