Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.9

    LOW
    CVE-2025-46656

    python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.... Read more

    Affected Products : markdownify
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-46655

    CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error i... Read more

    Affected Products : codimd
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-46653

    Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only t... Read more

    Affected Products : formidable
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-31686

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.... Read more

    Affected Products : open_social
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-31685

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.... Read more

    Affected Products : open_social
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-53636

    An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2022-45015

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-45014

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-45013

    A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-45012

    A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-44830

    Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.... Read more

    Affected Products : event_registration_application
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-44788

    An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.... Read more

    Affected Products : appalti_\&_contratti
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-44787

    An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victi... Read more

    Affected Products : appalti_\&_contratti
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-44786

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each applic... Read more

    Affected Products : appalti_\&_contratti
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44785

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.... Read more

    Affected Products : appalti_\&_contratti
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-44784

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Loca... Read more

    Affected Products : appalti_\&_contratti
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-44647

    An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privil... Read more

    Affected Products : windows apex_one
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-44168

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..... Read more

    Affected Products : ac15_firmware ac15
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-44167

    Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-44163

    Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.... Read more

    Affected Products : ac21_firmware ac21
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 292767 Results