Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40881

    SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php... Read more

    • EPSS Score: %93.67
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-39834

    A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.... Read more

    Affected Products : primekey_ejbca
    • EPSS Score: %0.57
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2021-33897

    A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attem... Read more

    Affected Products : synthesia
    • EPSS Score: %0.03
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2020-23582

    A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.22
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.4

    MEDIUM
    CVE-2012-0216

    The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local... Read more

    Affected Products : apache2
    • EPSS Score: %0.05
    • Published: Apr. 22, 2012
    • Modified: Apr. 29, 2025

  • 3.5

    LOW
    CVE-2024-9771

    The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : wp-recall
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4039

    A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injec... Read more

    Affected Products : rail_pass_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2024-12273

    The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : calculated_fields_form
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-30676

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Apr. 01, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-2055

    The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-53868

    Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fi... Read more

    Affected Products : traffic_server
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2019-14865

    A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent... Read more

    • EPSS Score: %0.04
    • Published: Nov. 29, 2019
    • Modified: Apr. 29, 2025

  • 5.9

    MEDIUM
    CVE-2024-9230

    The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : powerpress
    • Published: Apr. 14, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-2563

    The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges... Read more

    Affected Products : user_registration_\&_membership
    • Published: Apr. 14, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-3563

    A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument... Read more

    Affected Products : wuzhicms
    • Published: Apr. 14, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3379

    A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. T... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1200

    A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slider_crud.php. The manipulation of the argument del_id leads to sql injecti... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 12, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0534

    A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username lea... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0533

    A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument una... Read more

    • Published: Jan. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-0482

    A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attac... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 291170 Results