Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-49332

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2023-49331

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-1290

    The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2025-1232

    The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks... Read more

    Affected Products : site_reviews
    • Published: Mar. 19, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-21839

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2024-58237

    In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each ta... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-58100

    In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state dep... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025

  • 0.0

    NA
    CVE-2024-58098

    In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider th... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-45027

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: May. 09, 2025

  • 5.3

    MEDIUM
    CVE-2024-26559

    An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.... Read more

    Affected Products : uverif
    • Published: Feb. 28, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-36677

    Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.... Read more

    Affected Products : obsidian_mind_map
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2023-27151

    openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.... Read more

    Affected Products : opencrx
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 8.4

    HIGH
    CVE-2023-51774

    The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.... Read more

    Affected Products : json-jwt
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2023-51775

    The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.... Read more

    Affected Products : jose4j
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2024-25006

    XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.... Read more

    Affected Products : xenforo
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43424

    Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from t... Read more

    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-41415

    Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.... Read more

    • EPSS Score: %0.34
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2021-38217

    SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.07
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025

  • 4.7

    MEDIUM
    CVE-2024-2428

    The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one ... Read more

    Affected Products : presto_player
    • Published: Apr. 10, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2024-2729

    The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.... Read more

    Affected Products : otter_blocks
    • Published: Apr. 18, 2024
    • Modified: May. 08, 2025
Showing 20 of 291659 Results