Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-25224

    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.... Read more

    Affected Products : simple_admin_panel
    • EPSS Score: %0.16
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25223

    Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.... Read more

    Affected Products : simple_admin_panel
    • EPSS Score: %0.14
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2024-21683

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitra... Read more

    • Published: May. 21, 2024
    • Modified: May. 12, 2025

  • 7.8

    HIGH
    CVE-2023-22514

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/... Read more

    Affected Products : sourcetree
    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-22512

    This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its in... Read more

    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025

  • 6.1

    MEDIUM
    CVE-2024-25221

    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.... Read more

    • EPSS Score: %0.20
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25220

    Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.... Read more

    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 7.2

    HIGH
    CVE-2024-25213

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.... Read more

    Affected Products : employee_management_system
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25211

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.... Read more

    Affected Products : simple_expense_tracker_app
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25210

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.... Read more

    Affected Products : simple_expense_tracker_app
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25209

    Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.... Read more

    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-25207

    Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary ... Read more

    Affected Products : barangay_management_system
    • EPSS Score: %0.10
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-6066

    The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site... Read more

    Affected Products : wp_custom_widget_area
    • EPSS Score: %0.05
    • Published: Jan. 15, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-50868

    The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the ... Read more

    Affected Products : recursor bind unbound dnsmasq
    • EPSS Score: %47.27
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-50387

    Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when... Read more

    • EPSS Score: %36.40
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 6.7

    MEDIUM
    CVE-2023-24542

    Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 7.7

    HIGH
    CVE-2023-22342

    Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • EPSS Score: %0.08
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-43260

    Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.17
    • Published: Oct. 18, 2022
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2022-43259

    Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.... Read more

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.12
    • Published: Oct. 18, 2022
    • Modified: May. 12, 2025

  • 6.1

    MEDIUM
    CVE-2021-24870

    The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privile... Read more

    Affected Products : wp_fastest_cache
    • EPSS Score: %0.12
    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025
Showing 20 of 291737 Results