Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-43366

    IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %0.26
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2022-43365

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %0.13
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2022-43364

    An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.... Read more

    Affected Products : ew9_firmware ew9
    • EPSS Score: %0.19
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2022-43340

    A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.... Read more

    Affected Products : dzzoffice
    • EPSS Score: %0.10
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-42993

    Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.... Read more

    Affected Products : password_storage_application
    • EPSS Score: %0.17
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2021-37782

    Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.... Read more

    Affected Products : employee_record_management_system
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-47548

    Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-47549

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-47550

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16.... Read more

    Affected Products : instantio
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-47623

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0.... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-47624

    Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through 3.5.1.... Read more

    Affected Products : dofollow_case_by_case
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-47625

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case allows Stored XSS. This issue affects DoFollow Case by Case: from n/a through 3.5.1.... Read more

    Affected Products : dofollow_case_by_case
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-47626

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through... Read more

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-47628

    Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0.... Read more

    Affected Products : qs_dark_mode
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2021-47304

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spurious double-initializations for congestion control module... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 12, 2025

  • 5.5

    MEDIUM
    CVE-2021-47305

    In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. In the error path, we weren't calling dma_fence_put() so all t... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 12, 2025

  • 5.5

    MEDIUM
    CVE-2021-47315

    In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-47630

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1.... Read more

    Affected Products : ajax_load_more
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-47632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. This issue affects Awesome Gallery: from n/a through 1.0.... Read more

    Affected Products : awesome_gallery
    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2021-47322

    In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT Fix an Oopsable condition in pnfs_mark_request_commit() when we're putting a set of writes on the commit list to res... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 12, 2025
Showing 20 of 291804 Results