Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-27363

    An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed shor... Read more

    Affected Products : debian_linux freetype
    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-3205

    A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiat... Read more

    Affected Products : student_grading_system
    • Published: Apr. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-48638

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-48272

    D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.... Read more

    • Published: Oct. 30, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3213

    A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be i... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2023-50740

    In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.  We recommend users upgrade the version of Linkis to version 1.5.0... Read more

    Affected Products : linkis
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 9.1

    CRITICAL
    CVE-2024-26580

    Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11... Read more

    Affected Products : inlong
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3120

    A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injec... Read more

    • Published: Apr. 02, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2020-10195

    The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php,... Read more

    Affected Products : popup_builder popup-builder
    • EPSS Score: %0.46
    • Published: Mar. 13, 2020
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2020-10196

    An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker t... Read more

    Affected Products : popup_builder popup-builder
    • EPSS Score: %0.23
    • Published: Mar. 13, 2020
    • Modified: May. 07, 2025

  • 8.2

    HIGH
    CVE-2024-22254

    VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. ... Read more

    Affected Products : esxi cloud_foundation
    • Published: Mar. 05, 2024
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2024-22255

    VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.   ... Read more

    • Published: Mar. 05, 2024
    • Modified: May. 07, 2025

  • 9.3

    CRITICAL
    CVE-2024-22253

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process... Read more

    • Published: Mar. 05, 2024
    • Modified: May. 07, 2025

  • 7.0

    HIGH
    CVE-2025-31121

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerabilit... Read more

    Affected Products : openemr
    • Published: Apr. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-28216

    nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2024-28215

    nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 2.7

    LOW
    CVE-2024-28214

    nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-28213

    nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-28212

    nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-28211

    nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025
Showing 20 of 291578 Results