Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-21839

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2024-58237

    In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each ta... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-58100

    In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state dep... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025

  • 0.0

    NA
    CVE-2024-58098

    In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider th... Read more

    Affected Products : linux_kernel
    • Published: May. 05, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-45027

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: May. 09, 2025

  • 5.3

    MEDIUM
    CVE-2024-26559

    An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.... Read more

    Affected Products : uverif
    • Published: Feb. 28, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-36677

    Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.... Read more

    Affected Products : obsidian_mind_map
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2023-27151

    openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.... Read more

    Affected Products : opencrx
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 8.4

    HIGH
    CVE-2023-51774

    The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.... Read more

    Affected Products : json-jwt
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2023-51775

    The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.... Read more

    Affected Products : jose4j
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2024-25006

    XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.... Read more

    Affected Products : xenforo
    • Published: Feb. 29, 2024
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43424

    Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from t... Read more

    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-41415

    Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.... Read more

    • EPSS Score: %0.34
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2021-38217

    SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.07
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025

  • 4.7

    MEDIUM
    CVE-2024-2428

    The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one ... Read more

    Affected Products : presto_player
    • Published: Apr. 10, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2024-2729

    The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.... Read more

    Affected Products : otter_blocks
    • Published: Apr. 18, 2024
    • Modified: May. 08, 2025

  • 5.9

    MEDIUM
    CVE-2024-2118

    The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilt... Read more

    • Published: Apr. 17, 2024
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2024-1219

    The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting att... Read more

    Affected Products : easy_social_feed
    • Published: Apr. 17, 2024
    • Modified: May. 08, 2025

  • 4.8

    MEDIUM
    CVE-2024-2858

    The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : simple_buttons_creator
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2024-2857

    The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisat... Read more

    Affected Products : simple_buttons_creator
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
Showing 20 of 291712 Results