Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-3539

    The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html ca... Read more

    Affected Products : testimonials testimonials_pro
    • EPSS Score: %0.12
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-3538

    The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins... Read more

    Affected Products : webmaster_tools_verification
    • EPSS Score: %0.20
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-3484

    The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : wpb_show_core
    • EPSS Score: %11.49
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-38666

    Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.... Read more

    • EPSS Score: %0.03
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-38148

    Silverstripe silverstripe/framework through 4.11 allows SQL Injection.... Read more

    Affected Products : framework
    • EPSS Score: %0.22
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-38146

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).... Read more

    Affected Products : framework admin
    • EPSS Score: %0.32
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 6.8

    MEDIUM
    CVE-2022-35897

    An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execu... Read more

    Affected Products : kernel
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-30772

    Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the ad... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-30771

    Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineer... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2021-38819

    A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page.... Read more

    Affected Products : simple_image_gallery_web_app
    • EPSS Score: %0.33
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2021-31608

    Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.... Read more

    Affected Products : enterprise_protection
    • EPSS Score: %0.10
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-52912

    Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.... Read more

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-46237

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8.... Read more

    Affected Products : link_library
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-32796

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal us... Read more

    Affected Products : dify
    • Published: Apr. 18, 2025
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-45428

    In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2025-32021

    Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation ... Read more

    Affected Products : weblate
    • Published: Apr. 15, 2025
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2025-32968

    XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrar... Read more

    Affected Products : xwiki
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2025-31117

    OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauth... Read more

    Affected Products : openemr
    • Published: Mar. 31, 2025
    • Modified: Apr. 30, 2025

  • 6.4

    MEDIUM
    CVE-2025-30149

    OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulner... Read more

    Affected Products : openemr
    • Published: Mar. 31, 2025
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-29911

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer o... Read more

    Affected Products : cryptolib
    • Published: Mar. 17, 2025
    • Modified: Apr. 30, 2025
Showing 20 of 291157 Results