Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-30376

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-4893

    A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework...

    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-30733

    Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net t...

    • Published: Apr. 15, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 3.7

    LOW
    CVE-2025-23165

    In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on ever...

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 10.0

    CRITICAL
    CVE-2025-23123

    A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.

    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2023-6199

    Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.

    Affected Products : bookstack
    • Published: Nov. 20, 2023
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2023-6142

    Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

    Affected Products : dev_blog
    • Published: Nov. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45121

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45120

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45119

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45118

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45117

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45116

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2023-45115

    Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.

    Affected Products : online_examination_system
    • Published: Dec. 21, 2023
    • Modified: May. 19, 2025
  • 7.8

    HIGH
    CVE-2025-30375

    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 4.8

    MEDIUM
    CVE-2024-2968

    The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...

    Affected Products : wp-eggdrop
    • Published: Mar. 29, 2024
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2024-2969

    The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticat...

    Affected Products : wp-eggdrop
    • Published: Mar. 29, 2024
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2024-1538

    The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' paramete...

    Affected Products : file_manager file_manager
    • Published: Mar. 21, 2024
    • Modified: May. 19, 2025
  • 7.8

    HIGH
    CVE-2025-30382

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2023-6385

    The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs.

    Affected Products : wordpress_ping_optimizer
    • Published: Apr. 10, 2024
    • Modified: May. 19, 2025
Showing 20 of 293350 Results