Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-13822

    The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users su... Read more

    Affected Products : totalcontest
    • Published: Feb. 24, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3390

    A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipul... Read more

    Affected Products : oa_system
    • Published: Apr. 08, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3391

    A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this vulnerability is the function outAddress of the file cn/gson/oass/controller/address/AddrController. java of the component Backend. The ... Read more

    Affected Products : oa_system
    • Published: Apr. 08, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-46572

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAM... Read more

    Affected Products : passport-wsfed-saml2
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2022-42054

    Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Descripti... Read more

    Affected Products : goodcloud
    • EPSS Score: %0.12
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-41986

    Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.... Read more

    Affected Products : iij_smartkey
    • EPSS Score: %0.12
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-41799

    Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the ot... Read more

    Affected Products : growi
    • EPSS Score: %0.10
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-41797

    Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerabl... Read more

    Affected Products : lemon8
    • EPSS Score: %0.17
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-40876

    In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %2.47
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-40875

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.12
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-40874

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.13
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-39978

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the pic... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-39977

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upl... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-39976

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38733

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38732

    SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.54
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38731

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38730

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38729

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
Showing 20 of 291804 Results