Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-20019

    In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID:... Read more

    Affected Products : mt7927 mt7925 software_package
    • Published: Mar. 04, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2024-28424

    zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : zenml
    • Published: Mar. 14, 2024
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2021-47208

    The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.... Read more

    Affected Products : mojolicious
    • Published: Apr. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-20017

    In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Is... Read more

    • Published: Mar. 04, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-30849

    Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.... Read more

    Affected Products : complete_e-commerce_site
    • Published: Apr. 05, 2024
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-32342

    A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.... Read more

    Affected Products : boidcms
    • Published: Apr. 17, 2024
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-32343

    A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.... Read more

    Affected Products : boidcms
    • Published: Apr. 17, 2024
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-32481

    Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always reve... Read more

    Affected Products : vyper
    • Published: Apr. 25, 2024
    • Modified: May. 05, 2025

  • 4.9

    MEDIUM
    CVE-2024-25288

    SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.... Read more

    • Published: Feb. 21, 2024
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2024-25165

    A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.... Read more

    Affected Products : swftools
    • EPSS Score: %0.12
    • Published: Feb. 14, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-26793

    libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.... Read more

    Affected Products : libmodbus
    • Published: May. 01, 2024
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-35384

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.... Read more

    Affected Products : mjs
    • Published: May. 21, 2024
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-35385

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.... Read more

    Affected Products : mjs
    • Published: May. 21, 2024
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2025-32690

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through 11.12.5.... Read more

    Affected Products : powerpress
    • Published: Apr. 09, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2022-42799

    The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.... Read more

    • EPSS Score: %0.53
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-42798

    The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio ... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.06
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-42791

    A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os
    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-42318

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, ... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.05
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 8.2

    HIGH
    CVE-2022-36338

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVar... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.06
    • Published: Sep. 23, 2022
    • Modified: May. 05, 2025

  • 6.0

    MEDIUM
    CVE-2022-35896

    An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.06
    • Published: Sep. 22, 2022
    • Modified: May. 05, 2025
Showing 20 of 291827 Results