Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-45038

    A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45037

    A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45036

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.... Read more

    Affected Products : wbce_cms
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 8.1

    HIGH
    CVE-2022-38813

    PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.... Read more

    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-38767

    An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.... Read more

    Affected Products : vxworks
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-26885

    When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.... Read more

    Affected Products : dolphinscheduler
    • Published: Nov. 24, 2022
    • Modified: Apr. 25, 2025

  • 5.5

    MEDIUM
    CVE-2021-39343

    The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user ... Read more

    Affected Products : mpl-publisher mpl-publisher
    • Published: Oct. 19, 2021
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2024-25344

    Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php... Read more

    Affected Products : itflow
    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2024-22371

    Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22... Read more

    Affected Products : camel
    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 6.2

    MEDIUM
    CVE-2023-50246

    jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.... Read more

    Affected Products : jq
    • Published: Dec. 13, 2023
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2021-45985

    In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.... Read more

    Affected Products : lua
    • Published: Apr. 10, 2023
    • Modified: Apr. 25, 2025

  • 7.8

    HIGH
    CVE-2025-22035

    In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issu... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22040

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connectio... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-22041

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22085

    In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: =============================================================... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22088

    In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22097

    In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2024-20065

    In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0869... Read more

    Affected Products : android mt6781 mt6835 mt6853 mt6855 mt6877 mt6879 mt6885 mt6886 mt6893 +4 more products
    • Published: Jun. 03, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-20067

    In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issu... Read more

    Affected Products : nr16 nr17 mt6813 mt6835 mt6878 mt6897 mt8792 mt6815 mt6899 mt6991 +2 more products
    • Published: Jun. 03, 2024
    • Modified: Apr. 25, 2025

  • 5.9

    MEDIUM
    CVE-2024-20068

    In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-... Read more

    Affected Products : nr16 nr17 mt6813 mt6835 mt6878 mt6879 mt6895 mt6895t mt6896 mt6897 +17 more products
    • Published: Jun. 03, 2024
    • Modified: Apr. 25, 2025
Showing 20 of 293542 Results