Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2022-43352

    Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote....

    Affected Products : sanitization_management_system
    • EPSS Score: %0.09
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-42788

    A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information....

    Affected Products : macos
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025
  • 7.5

    HIGH
    CVE-2022-25918

    Versions of the package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the use of an insecure regex in the escapeArgBash function....

    Affected Products : shescape
    • EPSS Score: %0.27
    • Published: Oct. 27, 2022
    • Modified: May. 05, 2025
  • 7.8

    HIGH
    CVE-2019-8062

    Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution....

    Affected Products : after_effects
    • EPSS Score: %7.87
    • Published: Aug. 14, 2019
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2018-9866

    A vulnerability caused by a lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier....

    Affected Products : global_management_system
    • EPSS Score: %11.74
    • Published: Aug. 03, 2018
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2017-6511

    andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php....

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Mar. 07, 2017
    • Modified: May. 05, 2025
  • 7.8

    HIGH
    CVE-2025-27193

    Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m...

    Affected Products : macos windows bridge
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27194

    Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

    Affected Products : macos media_encoder windows
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27195

    Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic...

    Affected Products : macos media_encoder windows
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27196

    Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict...

    Affected Products : macos premiere_pro windows
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27198

    Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha...

    Affected Products : macos windows photoshop
    • Published: Apr. 08, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2024-0779

    The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users' Instagram Account for e...

    Affected Products : enjoy_social_feed
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2024-0858

    The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees....

    Affected Products : innovs_hr
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2024-0973

    The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

    Affected Products : widget_for_social_page_feeds
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025
  • 4.8

    MEDIUM
    CVE-2024-1401

    The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil...

    Affected Products : profile_box_shortcode_and_widget
    • Published: Mar. 19, 2024
    • Modified: May. 05, 2025
  • 5.4

    MEDIUM
    CVE-2023-7246

    The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...

    Affected Products : system_dashboard
    • Published: Mar. 20, 2024
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2024-0337

    The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users ...

    Affected Products : travelpayouts
    • Published: Mar. 20, 2024
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2024-0856

    The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying...

    Affected Products : appointment_booking_calendar
    • Published: Mar. 20, 2024
    • Modified: May. 05, 2025
  • 7.1

    HIGH
    CVE-2024-1983

    The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users....

    Affected Products : simple_ajax_chat
    • Published: Mar. 20, 2024
    • Modified: May. 05, 2025
  • 6.2

    MEDIUM
    CVE-2025-29316

    An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because the watermark is added by hook...

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291255 Results