Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-47234

    In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init() Use clk_disable_unprepare() in the error path of mtk_phy_init() to fix some resource leaks.... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025

  • 5.9

    MEDIUM
    CVE-2025-2279

    The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored C... Read more

    Affected Products : maps
    • Published: Apr. 04, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2021-47229

    In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is in... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2021-47227

    In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This me... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-28022

    A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm... Read more

    Affected Products : foxman-un unem
    • Published: Jun. 11, 2024
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-3333

    A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menu_update.php. The manipulation of the argument menu leads t... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3334

    A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/category_save.php. The manipulation of the argument Category leads to sql... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3338

    A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/user_save.php. The manipulation of the argument Name leads to sql injection. It is possible t... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3339

    A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user_update.php. The manipulation of the argument ID leads to sql injec... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2021-47226

    In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the ... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-3340

    A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/combo_update.php. The manipulation of the argument ID leads ... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2022-4055

    When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that lo... Read more

    Affected Products : xdg-utils
    • EPSS Score: %0.03
    • Published: Nov. 19, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-45474

    drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.... Read more

    Affected Products : drachtio-server
    • EPSS Score: %0.11
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44820

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-44641

    In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.... Read more

    Affected Products : debian_linux lava
    • EPSS Score: %0.11
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44415

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44414

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44413

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44379

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-38395

    HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches... Read more

    Affected Products : support_assistant fusion
    • EPSS Score: %4.03
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 291193 Results