Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-1860

    Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-0427

    Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access t... Read more

    • Published: May. 02, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0072

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. ... Read more

    • Published: May. 02, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-25301

    Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.... Read more

    Affected Products : redaxo
    • EPSS Score: %4.76
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-25224

    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.... Read more

    Affected Products : simple_admin_panel
    • EPSS Score: %0.16
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25223

    Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.... Read more

    Affected Products : simple_admin_panel
    • EPSS Score: %0.14
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2024-21683

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitra... Read more

    • Published: May. 21, 2024
    • Modified: May. 12, 2025

  • 7.8

    HIGH
    CVE-2023-22514

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/... Read more

    Affected Products : sourcetree
    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-22512

    This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its in... Read more

    • Published: Jan. 16, 2024
    • Modified: May. 12, 2025

  • 6.1

    MEDIUM
    CVE-2024-25221

    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.... Read more

    • EPSS Score: %0.20
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25220

    Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.... Read more

    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 7.2

    HIGH
    CVE-2024-25213

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.... Read more

    Affected Products : employee_management_system
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25211

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.... Read more

    Affected Products : simple_expense_tracker_app
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25210

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.... Read more

    Affected Products : simple_expense_tracker_app
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25209

    Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.... Read more

    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-25207

    Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary ... Read more

    Affected Products : barangay_management_system
    • EPSS Score: %0.10
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-6066

    The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site... Read more

    Affected Products : wp_custom_widget_area
    • EPSS Score: %0.05
    • Published: Jan. 15, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-50868

    The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the ... Read more

    Affected Products : recursor bind unbound dnsmasq
    • EPSS Score: %47.27
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2023-50387

    Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when... Read more

    • EPSS Score: %36.40
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 6.7

    MEDIUM
    CVE-2023-24542

    Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • EPSS Score: %0.11
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025
Showing 20 of 291741 Results