Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2025-30315

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-30314

    Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.3

    CRITICAL
    CVE-2025-43567

    Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s br...

    Affected Products : connect
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-6534

    Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the...

    Affected Products : directus
    • Published: Aug. 15, 2024
    • Modified: May. 19, 2025
  • 7.1

    HIGH
    CVE-2024-23440

    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 of memory from an arbitrary user-supplied pointer....

    Affected Products : vba32
    • Published: Feb. 13, 2024
    • Modified: May. 19, 2025
  • 7.1

    HIGH
    CVE-2024-23439

    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver....

    Affected Products : vba32
    • Published: Feb. 13, 2024
    • Modified: May. 19, 2025
  • 9.8

    CRITICAL
    CVE-2023-5011

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : student_information_system
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-5010

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : student_information_system
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-5007

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database....

    Affected Products : student_information_system
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 7.8

    HIGH
    CVE-2025-30393

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-30388

    Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 5.9

    MEDIUM
    CVE-2025-30394

    Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-32702

    Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2025-32703

    Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 8.4

    HIGH
    CVE-2025-32704

    Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 4.0

    MEDIUM
    CVE-2025-29839

    Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure
  • 7.0

    HIGH
    CVE-2025-29841

    Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Race Condition
  • 6.1

    MEDIUM
    CVE-2024-4534

    The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

    Affected Products : kkprogressbar2
    • Published: May. 27, 2024
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2024-4535

    The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...

    Affected Products : kkprogressbar2
    • Published: May. 27, 2024
    • Modified: May. 19, 2025
  • 6.5

    MEDIUM
    CVE-2024-4533

    The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...

    Affected Products : kkprogressbar2
    • Published: May. 27, 2024
    • Modified: May. 19, 2025
Showing 20 of 293284 Results