Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-40874

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.13
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-39978

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the pic... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-39977

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upl... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-39976

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38733

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38732

    SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.54
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38731

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38730

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38729

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2021-37781

    Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.... Read more

    Affected Products : employee_record_management_system
    • EPSS Score: %0.48
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2021-35388

    Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.... Read more

    • EPSS Score: %0.48
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2021-35387

    Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.... Read more

    • EPSS Score: %0.30
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2024-29901

    The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.... Read more

    Affected Products : authkit
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2024-29900

    Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will b... Read more

    Affected Products : electron-packager packager packager
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-3389

    A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The ma... Read more

    Affected Products : oa_system
    • Published: Apr. 08, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-11595

    FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Nov. 21, 2024
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-2488

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS).This issue affects SambaBox: before 5.1.... Read more

    Affected Products : sambabox
    • Published: May. 02, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-11596

    ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Nov. 21, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-2421

    Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.This issue affects SambaBox: before 5.1.... Read more

    Affected Products : sambabox
    • Published: May. 02, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
Showing 20 of 291531 Results