Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-42100

    KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.

    Affected Products : klik
    • EPSS Score: 0.12%
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2023-2766

    A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The ...

    Affected Products : e-office weaver_office_automation
    • EPSS Score: 91.82%
    • Published: May. 17, 2023
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2023-2765

    A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The att...

    Affected Products : e-office weaver_office_automation
    • EPSS Score: 0.19%
    • Published: May. 17, 2023
    • Modified: Apr. 25, 2025
  • 7.3

    HIGH
    CVE-2023-42875

    Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption
  • 4.3

    MEDIUM
    CVE-2023-38614

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.

    Affected Products : macos iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-28399

    An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

    Affected Products : xmall
    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2023-37187

    C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress function.

    Affected Products : c-blosc2 c-blosc2
    • EPSS Score: 0.19%
    • Published: Dec. 25, 2023
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2023-37188

    C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.

    Affected Products : c-blosc2 c-blosc2
    • EPSS Score: 0.18%
    • Published: Dec. 25, 2023
    • Modified: Apr. 25, 2025
  • 9.3

    HIGH
    CVE-2020-29367

    blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

    Affected Products : c-blosc2 c-blosc2
    • EPSS Score: 0.13%
    • Published: Nov. 27, 2020
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2023-37186

    C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.

    Affected Products : c-blosc2 c-blosc2
    • EPSS Score: 0.19%
    • Published: Dec. 25, 2023
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2023-37185

    C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.

    Affected Products : c-blosc2 c-blosc2
    • EPSS Score: 0.19%
    • Published: Dec. 25, 2023
    • Modified: Apr. 25, 2025
  • 5.5

    MEDIUM
    CVE-2025-29213

    A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file.

    Affected Products : jeewms
    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Path Traversal
  • 5.9

    MEDIUM
    CVE-2024-44843

    An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests.

    Affected Products : steve
    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2024-3369

    A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload...

    Affected Products : car_rental
    • Published: Apr. 06, 2024
    • Modified: Apr. 25, 2025
  • 6.5

    MEDIUM
    CVE-2025-26268

    DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

    Affected Products : dragonfly
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Denial of Service
  • 8.4

    HIGH
    CVE-2024-55211

    An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.

    Affected Products : tk-rt-wr135g_firmware tk-rt-wr135g
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2025-43015

    In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces.

    Affected Products : rubymine
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-29449

    An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.

    Affected Products : twonav
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure
  • 7.6

    HIGH
    CVE-2025-29460

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2023-32837

    In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issu...

    • EPSS Score: 0.03%
    • Published: Nov. 06, 2023
    • Modified: Apr. 25, 2025