Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-6387

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenti... Read more

    • Published: Jul. 01, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-4367

    A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2023-41425

    Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.... Read more

    Affected Products : wondercms
    • Published: Nov. 07, 2023
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2023-2745

    WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a cr... Read more

    Affected Products : wordpress
    • Published: May. 17, 2023
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-46338

    g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.... Read more

    Affected Products : debian_linux g810-led
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-45869

    A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-37926

    A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exp... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2022-37925

    A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker ... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2022-35120

    IXPdata EasyInstall 6.6.14725 contains an access control issue.... Read more

    Affected Products : easyinstall
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-30528

    SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.... Read more

    Affected Products : isic.lk
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-45648

    Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.9

    MEDIUM
    CVE-2022-44212

    In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.... Read more

    Affected Products : goodcloud
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.4

    HIGH
    CVE-2022-44211

    In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.... Read more

    Affected Products : goodcloud
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-43333

    Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.... Read more

    Affected Products : tvox
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-36431

    An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.... Read more

    Affected Products : trufusion
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-25848

    This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.... Read more

    Affected Products : static-dev-server
    • Published: Nov. 29, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2020-35605

    The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.... Read more

    Affected Products : debian_linux kitty kitty
    • Published: Dec. 21, 2020
    • Modified: Apr. 24, 2025

  • 8.2

    HIGH
    CVE-2025-30289

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileg... Read more

    Affected Products : coldfusion
    • Published: Apr. 08, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-40717

    A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network sh... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.7

    HIGH
    CVE-2024-42451

    A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup ... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025
Showing 20 of 293542 Results