Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2024-12807

    The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...

    Affected Products : social_share_buttons share_buttons
    • Published: Jan. 28, 2025
    • Modified: May. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2025-31191

    This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data....

    Affected Products : macos iphone_os tvos ipados
    • Published: Mar. 31, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-4175

    A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src...

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2022-42983

    anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens....

    Affected Products : report aj-report
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
  • 9.8

    CRITICAL
    CVE-2022-42980

    go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key....

    Affected Products : go-admin
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
  • 7.5

    HIGH
    CVE-2022-42975

    socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token....

    Affected Products : phoenix
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
  • 9.8

    CRITICAL
    CVE-2022-42237

    A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account....

    Affected Products : merchandise_online_store
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
  • 5.4

    MEDIUM
    CVE-2022-42114

    A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML....

    Affected Products : liferay_portal dxp
    • Published: Oct. 18, 2022
    • Modified: May. 10, 2025
  • 6.1

    MEDIUM
    CVE-2022-42113

    A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter....

    Affected Products : liferay_portal dxp
    • Published: Oct. 18, 2022
    • Modified: May. 10, 2025
  • 7.5

    HIGH
    CVE-2022-41547

    Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request....

    Affected Products : mobile_security_framework
    • Published: Oct. 18, 2022
    • Modified: May. 10, 2025
  • 8.8

    HIGH
    CVE-2022-3368

    A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556....

    Affected Products : avira_security
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
  • 7.0

    HIGH
    CVE-2025-46326

    snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector read...

    Affected Products : snowflake_connector
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Race Condition
  • 9.8

    CRITICAL
    CVE-2024-32499

    Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed....

    Affected Products : project_center_server
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-4028

    A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql ...

    Affected Products : covid19_testing_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-4029

    A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-base...

    Affected Products : personal_diary_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-4030

    A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. This affects an unknown part of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It i...

    Affected Products : covid19_testing_management_system
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-4031

    A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The atta...

    Affected Products : pre-school_enrollment_system
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-34489

    GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service....

    Affected Products : mailessentials
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-34490

    GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files....

    Affected Products : mailessentials
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: XML External Entity
  • 8.1

    HIGH
    CVE-2025-4032

    A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/terminals/shell_t...

    Affected Products : aworld
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection