Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-42245

    Dreamer CMS 4.0.01 is vulnerable to SQL Injection.... Read more

    Affected Products : dreamer_cms
    • EPSS Score: %0.07
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-42187

    Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.... Read more

    Affected Products : hustoj
    • EPSS Score: %0.10
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.0

    CRITICAL
    CVE-2022-41558

    The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TI... Read more

    • EPSS Score: %0.80
    • Published: Nov. 15, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-40881

    SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php... Read more

    • EPSS Score: %93.67
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-39834

    A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.... Read more

    Affected Products : primekey_ejbca
    • EPSS Score: %0.57
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2021-33897

    A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attem... Read more

    Affected Products : synthesia
    • EPSS Score: %0.03
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2020-23582

    A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.22
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.4

    MEDIUM
    CVE-2012-0216

    The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local... Read more

    Affected Products : apache2
    • EPSS Score: %0.05
    • Published: Apr. 22, 2012
    • Modified: Apr. 29, 2025

  • 3.5

    LOW
    CVE-2024-9771

    The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : wp-recall
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-4039

    A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injec... Read more

    Affected Products : rail_pass_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025

  • 3.5

    LOW
    CVE-2024-12273

    The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : calculated_fields_form
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2025-30676

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Apr. 01, 2025
    • Modified: Apr. 29, 2025

  • 6.8

    MEDIUM
    CVE-2025-2055

    The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2024-53868

    Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fi... Read more

    Affected Products : traffic_server
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025

  • 5.9

    MEDIUM
    CVE-2019-14865

    A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent... Read more

    • EPSS Score: %0.04
    • Published: Nov. 29, 2019
    • Modified: Apr. 29, 2025

  • 5.9

    MEDIUM
    CVE-2024-9230

    The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : powerpress
    • Published: Apr. 14, 2025
    • Modified: Apr. 29, 2025

  • 8.1

    HIGH
    CVE-2025-2563

    The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges... Read more

    Affected Products : user_registration_\&_membership
    • Published: Apr. 14, 2025
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2025-3563

    A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument... Read more

    Affected Products : wuzhicms
    • Published: Apr. 14, 2025
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-3379

    A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. T... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2025-1200

    A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slider_crud.php. The manipulation of the argument del_id leads to sql injecti... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 12, 2025
    • Modified: Apr. 29, 2025
Showing 20 of 291158 Results