Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-0472

    Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response....

    Affected Products : pmb
    • Published: Jan. 16, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-3248

    Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code....

    Affected Products : langflow
    • Actively Exploited
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-0473

    Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoi...

    Affected Products : pmb
    • Published: Jan. 16, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-3146

    A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to SQL injection. It is possible to in...

    • Published: Apr. 03, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-3147

    A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to SQL injection. The attack can ...

    Affected Products : boat_booking_system
    • Published: Apr. 03, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-3148

    A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is ...

    Affected Products : product_management_system
    • Published: Apr. 03, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 5.4

    MEDIUM
    CVE-2024-54997

    MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit....

    Affected Products : monica
    • Published: Jan. 10, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-54996

    MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create....

    Affected Products : monica
    • Published: Jan. 10, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-20367

    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not p...

    Affected Products : enterprise_chat_and_email
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2024-54994

    MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature....

    Affected Products : monica
    • Published: Jan. 10, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-20352

    A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficien...

    Affected Products : emergency_responder
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025
  • 8.6

    HIGH
    CVE-2025-46573

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with...

    Affected Products : passport-wsfed-saml2
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2022-43400

    A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators ...

    Affected Products : siveillance_video_mobile_server
    • EPSS Score: 0.71%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42944

    A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th...

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42943

    A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th...

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42941

    A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th...

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42940

    A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process....

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-41796

    Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory....

    Affected Products : content_transfer
    • EPSS Score: 0.07%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-40984

    Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name....

    Affected Products : wtviewere_761941 wtviewerefree
    • EPSS Score: 0.47%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3676

    In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type....

    Affected Products : openj9
    • EPSS Score: 0.34%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025