Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-3369

    A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload... Read more

    Affected Products : car_rental
    • Published: Apr. 06, 2024
    • Modified: Apr. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-26268

    DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.... Read more

    Affected Products : dragonfly
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2024-55211

    An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.... Read more

    Affected Products : tk-rt-wr135g_firmware tk-rt-wr135g
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-43015

    In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces... Read more

    Affected Products : rubymine
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-29449

    An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.... Read more

    Affected Products : twonav
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29460

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2023-32837

    In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issu... Read more

    • Published: Nov. 06, 2023
    • Modified: Apr. 25, 2025

  • 6.7

    MEDIUM
    CVE-2023-32836

    In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: AL... Read more

    • Published: Nov. 06, 2023
    • Modified: Apr. 25, 2025

  • 7.0

    HIGH
    CVE-2023-32832

    In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: AL... Read more

    • Published: Nov. 06, 2023
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-45329

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.... Read more

    Affected Products : aerocms
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 6.5

    MEDIUM
    CVE-2022-44937

    Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.... Read more

    Affected Products : bosscms
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44354

    SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-44279

    Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.... Read more

    Affected Products : garage_management_system
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44038

    Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44037

    An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without aut... Read more

    Affected Products : ecu-c_firmware ecu-c
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3828

    The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : video_thumbnails
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-3768

    The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author... Read more

    Affected Products : wpsmartcontracts
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3610

    The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : jeeng_push_notifications
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 7.2

    HIGH
    CVE-2022-3490

    The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is pr... Read more

    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-2983

    The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : salat_times
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 293508 Results