Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-51293

    A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amo... Read more

    Affected Products : event_booking_calendar
    • Published: Feb. 19, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2023-32006

    The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active relea... Read more

    Affected Products : fedora node.js
    • EPSS Score: %0.05
    • Published: Aug. 15, 2023
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2023-32004

    A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. Th... Read more

    Affected Products : fedora node.js
    • EPSS Score: %0.06
    • Published: Aug. 15, 2023
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-42200

    Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2022-42199

    Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2022-42198

    In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.... Read more

    • EPSS Score: %0.13
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-42197

    In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.... Read more

    • EPSS Score: %0.05
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2022-42176

    In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.... Read more

    Affected Products : pcsecure
    • EPSS Score: %0.09
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-42021

    Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.... Read more

    • EPSS Score: %0.07
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-41358

    A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.... Read more

    Affected Products : garage_management_system
    • EPSS Score: %0.28
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-40084

    OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.... Read more

    Affected Products : opencrx
    • EPSS Score: %0.11
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.2

    HIGH
    CVE-2022-38108

    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.... Read more

    Affected Products : orion_platform solarwinds_platform
    • EPSS Score: %85.43
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-37298

    Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes t... Read more

    Affected Products : shinken_monitoring
    • EPSS Score: %44.43
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2022-36122

    The Automox Agent before 40 on Windows incorrectly sets permissions on key files.... Read more

    Affected Products : windows automox
    • EPSS Score: %0.04
    • Published: Oct. 21, 2022
    • Modified: May. 08, 2025

  • 9.1

    CRITICAL
    CVE-2022-31678

    VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.... Read more

    Affected Products : cloud_foundation nsx_data_center
    • EPSS Score: %3.28
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025

  • 7.2

    HIGH
    CVE-2022-31366

    An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.... Read more

    Affected Products : eve-ng
    • EPSS Score: %0.56
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2025-43967

    libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.... Read more

    Affected Products : libheif
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-43966

    libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.... Read more

    Affected Products : libheif
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-43971

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.... Read more

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-43973

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.... Read more

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291773 Results