Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.3

    HIGH
    CVE-2024-22024

    An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication....

    • EPSS Score: 94.30%
    • Published: Feb. 13, 2024
    • Modified: May. 09, 2025
  • 6.5

    MEDIUM
    CVE-2024-21491

    Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter ...

    Affected Products : svix svix-webhooks
    • EPSS Score: 0.02%
    • Published: Feb. 13, 2024
    • Modified: May. 09, 2025
  • 5.4

    MEDIUM
    CVE-2023-52059

    A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field....

    Affected Products : gestsup
    • EPSS Score: 0.20%
    • Published: Feb. 13, 2024
    • Modified: May. 09, 2025
  • 4.8

    MEDIUM
    CVE-2022-3391

    The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : retain_live_chat
    • EPSS Score: 0.13%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 4.8

    MEDIUM
    CVE-2022-3350

    The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...

    Affected Products : contact_bank
    • EPSS Score: 0.10%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 7.2

    HIGH
    CVE-2022-3335

    The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is...

    • EPSS Score: 0.32%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 7.2

    HIGH
    CVE-2022-3302

    The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...

    • EPSS Score: 0.24%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 7.2

    HIGH
    CVE-2022-3300

    The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

    Affected Products : form_maker
    • EPSS Score: 0.36%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 6.5

    MEDIUM
    CVE-2022-3247

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subsc...

    Affected Products : blog2social
    • EPSS Score: 0.60%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 5.4

    MEDIUM
    CVE-2022-34870

    Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries....

    Affected Products : geode
    • EPSS Score: 1.31%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 7.8

    HIGH
    CVE-2022-33185

    Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitr...

    Affected Products : fabric_operating_system
    • EPSS Score: 0.08%
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 9.8

    CRITICAL
    CVE-2020-26629

    A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server....

    Affected Products : hospital_management_system
    • EPSS Score: 0.72%
    • Published: Jan. 10, 2024
    • Modified: May. 09, 2025
  • 7.8

    HIGH
    CVE-2024-45574

    Memory corruption during array access in Camera kernel due to invalid index from invalid command data....

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-45575

    Memory corruption in Camera kernel when a large number of devices are attached through userspace....

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-45576

    Memory corruption while processing command buffer in OPE module....

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-45577

    Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information....

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27132

    in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios....

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-27241

    in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through NULL pointer dereference....

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-27248

    in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through NULL pointer dereference....

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2024-49830

    Memory corruption while processing an IOCTL call to set mixer controls....

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291717 Results