Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-31120

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-32389

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refe... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-22142

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a s... Read more

    Affected Products : nameless
    • Published: Jan. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-8418

    A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive... Read more

    Affected Products : enterprise_linux aardvark-dns
    • Published: Sep. 04, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-12442

    EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2023-6064

    The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.... Read more

    Affected Products : payhere_payment_gateway
    • EPSS Score: %0.39
    • Published: Jan. 01, 2024
    • Modified: May. 13, 2025

  • 7.2

    HIGH
    CVE-2022-42218

    Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2022-42202

    TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • EPSS Score: %0.11
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 7.5

    HIGH
    CVE-2022-42188

    In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.... Read more

    Affected Products : lavalite
    • EPSS Score: %0.15
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-42165

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.1

    MEDIUM
    CVE-2022-42116

    A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web sc... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.18
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 5.4

    MEDIUM
    CVE-2022-42115

    Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Labe... Read more

    Affected Products : liferay_portal
    • EPSS Score: %0.19
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-40889

    Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.... Read more

    Affected Products : phpok
    • EPSS Score: %0.11
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 7.8

    HIGH
    CVE-2022-3569

    Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %2.48
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-39198

    A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and pri... Read more

    Affected Products : dubbo
    • EPSS Score: %7.55
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2022-38743

    Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute... Read more

    Affected Products : factorytalk_vantagepoint
    • EPSS Score: %0.04
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 6.0

    MEDIUM
    CVE-2022-36439

    AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Inte... Read more

    • EPSS Score: %0.03
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 7.8

    HIGH
    CVE-2022-36438

    AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.... Read more

    Affected Products : asusswitch system_control_interface
    • EPSS Score: %0.03
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 7.8

    HIGH
    CVE-2021-3305

    Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability.... Read more

    Affected Products : feishu
    • EPSS Score: %0.06
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 5.3

    MEDIUM
    CVE-2020-15853

    supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time.... Read more

    Affected Products : supybot-fedora
    • EPSS Score: %0.06
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025
Showing 20 of 291739 Results