Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-47293

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2024-13329

    The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : solidres
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13327

    The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : musicbox
    • Published: Feb. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-26891

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to t... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: May. 07, 2025

  • 4.7

    MEDIUM
    CVE-2024-26869

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: May. 07, 2025

  • 3.5

    LOW
    CVE-2024-13585

    The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : ajax_search
    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1580

    A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injectio... Read more

    • Published: Feb. 23, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-30247

    NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security miscon... Read more

    Affected Products : nextcloudpi
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-12308

    The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Feb. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13605

    The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Feb. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-29904

    CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later. ... Read more

    Affected Products : codeigniter
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2024-13822

    The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users su... Read more

    Affected Products : totalcontest
    • Published: Feb. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3390

    A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipul... Read more

    Affected Products : oa_system
    • Published: Apr. 08, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3391

    A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The ... Read more

    Affected Products : oa_system
    • Published: Apr. 08, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-46572

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAM... Read more

    Affected Products : passport-wsfed-saml2
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2022-42054

    Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Descripti... Read more

    Affected Products : goodcloud
    • EPSS Score: %0.12
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-41986

    Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.... Read more

    Affected Products : iij_smartkey
    • EPSS Score: %0.12
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-41799

    Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the ot... Read more

    Affected Products : growi
    • EPSS Score: %0.10
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-41797

    Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerabl... Read more

    Affected Products : lemon8
    • EPSS Score: %0.17
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-40876

    In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %2.47
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
Showing 20 of 291570 Results