Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-28870

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as wel... Read more

    Affected Products : suricata
    • Published: Apr. 03, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-30727

    Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t... Read more

    Affected Products : e-business_suite scripting
    • Published: Apr. 15, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-44570

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-3824

    The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : wp_admin_ui_customize
    • EPSS Score: %0.32
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 7.1

    HIGH
    CVE-2025-39778

    In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse entries, but the iteration code in nvmet_ctrl_state_show() ite... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-39755

    In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp calle... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-44571

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-44572

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 4.7

    MEDIUM
    CVE-2024-44573

    A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-44574

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-45422

    When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.... Read more

    Affected Products : smart_share
    • EPSS Score: %0.04
    • Published: Nov. 21, 2022
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2022-23740

    CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitH... Read more

    Affected Products : enterprise_server
    • EPSS Score: %1.95
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 3.7

    LOW
    CVE-2024-44575

    RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-44577

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 4.7

    MEDIUM
    CVE-2024-42794

    Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 4.2

    MEDIUM
    CVE-2024-42795

    An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-42796

    An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 7.6

    HIGH
    CVE-2024-42798

    An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-27717

    Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-40425

    File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.... Read more

    Affected Products : sparkshop
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025
Showing 20 of 291739 Results