Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-28213

    nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization....

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-28212

    nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization....

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-28211

    nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker....

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2024-51328

    Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter....

    • Published: Nov. 04, 2024
    • Modified: May. 07, 2025
  • 5.7

    MEDIUM
    CVE-2024-50996

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr...

    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025
  • 5.7

    MEDIUM
    CVE-2024-51003

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allo...

    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025
  • 7.0

    HIGH
    CVE-2025-20671

    In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09...

    Affected Products : android mt6878 mt6897 mt6989 mt8676 mt8678 mt6899 mt6991 mt8196 mt2718 +1 more products
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Race Condition
  • 7.8

    HIGH
    CVE-2025-20668

    In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS...

    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2022-43231

    Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file....

    Affected Products : canteen_management_system
    • EPSS Score: %0.09
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-43230

    Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details....

    • EPSS Score: %0.09
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-43229

    Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php....

    • EPSS Score: %0.09
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-43228

    Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php....

    Affected Products : barangay_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2022-43170

    A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injec...

    Affected Products : rukovoditel
    • EPSS Score: %6.54
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-42189

    Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability....

    Affected Products : emlog
    • EPSS Score: %0.94
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-41575

    A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3....

    Affected Products : enterprise
    • EPSS Score: %0.20
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-41310

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ...

    • EPSS Score: %0.14
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-41309

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ...

    • EPSS Score: %0.14
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2022-40690

    Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script....

    Affected Products : bookstack
    • EPSS Score: %0.46
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-3639

    A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have...

    Affected Products : gitlab
    • EPSS Score: %0.03
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3627

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sou...

    • EPSS Score: %0.02
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
Showing 20 of 291712 Results