Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (i.e., it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2025-38049

    In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Commit 6eac36bb9eb0 ("x86/resctrl: Allocate the cleanest CLOSID by searching closid_num_dirty_rmid") add...

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
  • 7.1

    HIGH
    CVE-2025-1401

    The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_click_info
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-1436

    The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : limit_bio
    • Published: Mar. 13, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.5

    MEDIUM
    CVE-2025-29208

    CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php....

    Affected Products : gym_management_system
    • Published: Apr. 01, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-30356

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a ...

    Affected Products : cryptolib
    • Published: Apr. 01, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-39728

    In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = n...

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2022-45934

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets....

    • EPSS Score: %0.31
    • Published: Nov. 27, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-45933

    KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's positi...

    Affected Products : kubeview
    • EPSS Score: %91.29
    • Published: Nov. 27, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-45932

    A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used....

    Affected Products : opendaylight
    • EPSS Score: %0.04
    • Published: Nov. 27, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-45931

    A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used....

    Affected Products : opendaylight
    • EPSS Score: %0.04
    • Published: Nov. 27, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-45930

    A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface....

    Affected Products : opendaylight
    • EPSS Score: %0.05
    • Published: Nov. 27, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-45914

    The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstra...

    Affected Products : electronic_shelf_label_protocol
    • EPSS Score: %0.32
    • Published: Nov. 27, 2022
    • Modified: Apr. 29, 2025
  • 7.0

    HIGH
    CVE-2022-45885

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected....

    • EPSS Score: %0.01
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-45476

    Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. ...

    Affected Products : tiny_file_manager
    • EPSS Score: %0.39
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-45475

    Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. ...

    Affected Products : tiny_file_manager
    • EPSS Score: %0.17
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-45470

    Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed....

    Affected Products : hama
    • EPSS Score: %0.24
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-45461

    The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root....

    Affected Products : linux_kernel netbackup unix
    • EPSS Score: %0.47
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 6.1

    MEDIUM
    CVE-2022-45225

    Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_ti...

    Affected Products : book_store_management_system
    • EPSS Score: %0.10
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
  • 4.8

    MEDIUM
    CVE-2022-45017

    A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field....

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 4.8

    MEDIUM
    CVE-2022-45016

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field....

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025