Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3334

    A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/category_save.php. The manipulation of the argument Category leads to sql... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3338

    A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/user_save.php. The manipulation of the argument Name leads to sql injection. It is possible t... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3339

    A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user_update.php. The manipulation of the argument ID leads to sql injec... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2021-47226

    In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the ... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-3340

    A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/combo_update.php. The manipulation of the argument ID leads ... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2022-4055

    When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that lo... Read more

    Affected Products : xdg-utils
    • EPSS Score: %0.03
    • Published: Nov. 19, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-45474

    drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.... Read more

    Affected Products : drachtio-server
    • EPSS Score: %0.11
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44820

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-44641

    In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.... Read more

    Affected Products : debian_linux lava
    • EPSS Score: %0.11
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44415

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44414

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44413

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44379

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.06
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-38395

    HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches... Read more

    Affected Products : support_assistant fusion
    • EPSS Score: %4.03
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-2794

    Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.... Read more

    • EPSS Score: %1.14
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2021-47222

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dst_clone() and directly sets the result which is wrong because the entry might have 0 refcnt or be al... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-3729

    A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulat... Read more

    • Published: Apr. 16, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2024-11924

    The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un... Read more

    Affected Products : icegram_express
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-13925

    The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result ... Read more

    Affected Products : klarna_checkout_for_woocommerce
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2021-47221

    In the Linux kernel, the following vulnerability has been resolved: mm/slub: actually fix freelist pointer vs redzoning It turns out that SLUB redzoning ("slub_debug=Z") checks from s->object_size rather than from s->inuse (which is normally bumped to m... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 29, 2025
Showing 20 of 291216 Results