Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-40742

    Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system info... Read more

    Affected Products : mail_sqr_expert
    • EPSS Score: %0.26
    • Published: Oct. 31, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3786

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an a... Read more

    Affected Products : fedora openssl node.js
    • EPSS Score: %22.05
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3602

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for th... Read more

    • EPSS Score: %85.70
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-3469

    The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : wp_attachments
    • EPSS Score: %0.18
    • Published: Nov. 14, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-3373

    Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.47
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3204

    A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. ... Read more

    Affected Products : fedora unbound
    • EPSS Score: %0.30
    • Published: Sep. 26, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-39189

    An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.... Read more

    • EPSS Score: %0.02
    • Published: Sep. 02, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-36946

    nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter ... Read more

    • EPSS Score: %4.54
    • Published: Jul. 27, 2022
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2022-36912

    A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.... Read more

    Affected Products : openstack_heat
    • EPSS Score: %0.31
    • Published: Jul. 27, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-36879

    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.... Read more

    • EPSS Score: %0.04
    • Published: Jul. 27, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-41503

    Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 07, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2025-0410

    A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0409

    A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0408

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosNa... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0407

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation o... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0406

    A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname l... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0405

    A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads... Read more

    Affected Products : gymxmjpa
    • Published: Jan. 13, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0490

    A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack ma... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0489

    A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated re... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0488

    A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. ... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection
Showing 20 of 291221 Results