Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-42115

    Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Labe...

    Affected Products : liferay_portal
    • EPSS Score: 0.19%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2022-40889

    Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php....

    Affected Products : phpok
    • EPSS Score: 0.11%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 7.8

    HIGH
    CVE-2022-3569

    Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: 2.48%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2022-39198

    A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and pri...

    Affected Products : dubbo
    • EPSS Score: 7.55%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2022-38743

    Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute...

    Affected Products : factorytalk_vantagepoint
    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.0

    MEDIUM
    CVE-2022-36439

    AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Inte...

    • EPSS Score: 0.03%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 7.8

    HIGH
    CVE-2022-36438

    AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5....

    Affected Products : asusswitch system_control_interface
    • EPSS Score: 0.03%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 7.8

    HIGH
    CVE-2021-3305

    Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability....

    Affected Products : feishu
    • EPSS Score: 0.06%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 5.3

    MEDIUM
    CVE-2020-15853

    supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time....

    Affected Products : supybot-fedora
    • EPSS Score: 0.06%
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2025-31103

    Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server....

    Affected Products : a-blog_cms
    • Published: Mar. 31, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2024-27279

    Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions....

    Affected Products : a-blog_cms
    • Published: Mar. 12, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2025-32970

    XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to co...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 4.7

    MEDIUM
    CVE-2024-25559

    URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log....

    Affected Products : a-blog_cms
    • EPSS Score: 0.26%
    • Published: Feb. 15, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2023-51398

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14....

    • Published: May. 17, 2024
    • Modified: May. 13, 2025
  • 6.8

    MEDIUM
    CVE-2024-3710

    The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross...

    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025
  • 3.8

    LOW
    CVE-2025-32971

    XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr scr...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-4248

    A vulnerability has been found in SourceCodester Simple To-Do List System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /complete_task.php. The manipulation of the argument ID leads to sql injection...

    Affected Products : simple_to-do_list_system
    • Published: May. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-4247

    A vulnerability, which was classified as critical, was found in SourceCodester Simple To-Do List System 1.0. Affected is an unknown function of the file /delete_task.php. The manipulation of the argument ID leads to sql injection. It is possible to launch...

    Affected Products : simple_to-do_list_system
    • Published: May. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-32972

    XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights ...

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-26450

    An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's da...

    Affected Products : piwigo
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
Showing 20 of 291728 Results