Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-25180

    An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after in...

    Affected Products : pdfmake
    • Published: Feb. 29, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2024-22532

    Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file....

    Affected Products : nconvert
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2022-45847

    Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. ...

    Affected Products : countdown_widget
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 3.5

    LOW
    CVE-2024-26476

    An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component....

    Affected Products : openemr mpdf
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2023-34020

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. ...

    Affected Products : uncanny_toolkit_for_learndash
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 9.3

    CRITICAL
    CVE-2024-25293

    mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute....

    Affected Products : mjml mjml_app
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2023-39311

    Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1. ...

    Affected Products : avada fusion_builder
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-22891

    Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link....

    Affected Products : nteract
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-26548

    An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component....

    Affected Products : camera camera_firmware
    • Published: Feb. 29, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2024-24035

    Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter....

    Affected Products : s.i.l.
    • Published: Mar. 07, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2024-23510

    Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup. This issue affects Don't Muck My Markup: from n/a through 1.8. ...

    Affected Products : dont_muck_my_markup
    • Published: Mar. 27, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2020-36845

    The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL....

    Affected Products : security_awareness_training
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure
  • 6.1

    MEDIUM
    CVE-2020-36844

    The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL....

    Affected Products : security_awareness_training
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-43955

    TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs....

    Affected Products : convertigo
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-25997

    Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component....

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2024-39722

    An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route....

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 8.1

    HIGH
    CVE-2024-26469

    Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in ...

    Affected Products : product_designer
    • Published: Mar. 03, 2024
    • Modified: May. 13, 2025
  • 4.9

    MEDIUM
    CVE-2025-2487

    A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MOD...

    • Published: Mar. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2022-3540

    An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users' email addresses...

    Affected Products : hunter2
    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2022-3517

    A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service....

    Affected Products : fedora debian_linux minimatch
    • EPSS Score: 0.46%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
Showing 20 of 291804 Results