Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-39755

    In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp calle... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-44571

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-44572

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 4.7

    MEDIUM
    CVE-2024-44573

    A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-44574

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-45422

    When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.... Read more

    Affected Products : smart_share
    • EPSS Score: %0.04
    • Published: Nov. 21, 2022
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2022-23740

    CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitH... Read more

    Affected Products : enterprise_server
    • EPSS Score: %1.95
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 3.7

    LOW
    CVE-2024-44575

    RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-44577

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 4.7

    MEDIUM
    CVE-2024-42794

    Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 4.2

    MEDIUM
    CVE-2024-42795

    An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-42796

    An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 7.6

    HIGH
    CVE-2024-42798

    An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-27717

    Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-40425

    File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.... Read more

    Affected Products : sparkshop
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 2.7

    LOW
    CVE-2024-40455

    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.... Read more

    Affected Products : thinksaas
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-40456

    ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.... Read more

    Affected Products : thinksaas
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-38996

    ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrar... Read more

    Affected Products : ag-grid
    • Published: Jul. 01, 2024
    • Modified: Apr. 28, 2025

  • 7.1

    HIGH
    CVE-2025-39735

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-38909

    Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.... Read more

    Affected Products : elfinder
    • Published: Jul. 30, 2024
    • Modified: Apr. 28, 2025
Showing 20 of 291794 Results