Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities (KEV) catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-35508

    Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file discl...

    • Published: Dec. 04, 2022
    • Modified: Apr. 24, 2025
  • 7.1

    HIGH
    CVE-2022-35507

    A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-s...

    • Published: Dec. 04, 2022
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2022-32224

    A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ab...

    Affected Products : rails activerecord
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025
  • 6.5

    MEDIUM
    CVE-2021-37533

    Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This m...

    Affected Products : debian_linux commons_net
    • Published: Dec. 03, 2022
    • Modified: Apr. 24, 2025
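    The Commons Net entry above describes a client that connects the data channel to whatever host the server names in its 227 reply. The check that closes that hole is small and worth seeing in full. The following is an added example written for this page in Python, not code from Apache Commons Net or from any product listed here: it parses a PASV reply, and by default only honours the advertised host when it matches the address the control connection is already talking to, otherwise keeping the port and substituting the control peer (or, with strict=True, refusing the reply). The sample replies are constructed, not captured from a real server.

```python
import re
from typing import Tuple

# Matches the (h1,h2,h3,h4,p1,p2) tuple of an RFC 959 "227 Entering Passive Mode" reply.
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Decode a 227 reply into (host, port); raise ValueError on anything malformed."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV reply: {reply!r}")
    m = PASV_TUPLE.search(reply)
    if m is None:
        raise ValueError(f"no host/port tuple in PASV reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"octet out of range in PASV reply: {reply!r}")
    host = ".".join(str(f) for f in fields[:4])
    port = (fields[4] << 8) | fields[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return host, port


def data_endpoint(reply: str, control_peer: str, trust_server_host: bool = False,
                  strict: bool = False) -> Tuple[str, int]:
    """Decide where the data connection goes.

    control_peer is the IPv4 address the control connection is actually connected to.
    By default the advertised host is honoured only when it equals control_peer;
    otherwise the port is kept and the host is replaced by control_peer, or, with
    strict=True, the reply is rejected outright. trust_server_host=True restores the
    pre-3.9.0 behaviour the advisory describes and should only be set deliberately.
    """
    host, port = parse_pasv(reply)
    if trust_server_host or host == control_peer:
        return host, port
    if strict:
        raise ValueError(f"server redirected data connection to {host}, expected {control_peer}")
    return control_peer, port


if __name__ == "__main__":
    # Constructed replies, not captured from a real server.
    honest = "227 Entering Passive Mode (192,0,2,10,19,136)."
    redirect = "227 Entering Passive Mode (10,0,0,5,19,136)."
    print(data_endpoint(honest, "192.0.2.10"))    # ('192.0.2.10', 5000)
    print(data_endpoint(redirect, "192.0.2.10"))  # ('192.0.2.10', 5000), advertised host ignored
```

    Python's own ftplib applies the same rule: FTP.trust_server_pasv_ipv4_address defaults to False, so the control connection's peer address is used in place of the one the server advertises.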
  • 9.8

    CRITICAL
    CVE-2025-43928

    In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 ...

    Affected Products : pmrs-102_firmware pmrs-102
    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Path Traversal
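    The Infodraw entry above is the classic shape of a traversal bug: a value the client controls (a username) becomes part of a file name without being confined to a directory. The following is an added example written for this page in Python, not code from Infodraw or from any product listed here, showing the two-layer check a practitioner wants: a lexical pass that decodes percent-encoding once and rejects NUL bytes, absolute paths, backslash variants and any ".." component, followed by a filesystem pass that resolves symlinks and proves the result is still under the base directory. The demo() helper builds a throwaway directory with constructed files; the file name ServerParameters.xml is reused from the advisory purely as a label.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath
from typing import Dict
from urllib.parse import unquote


class TraversalError(ValueError):
    pass


def normalize_client_path(value: str) -> PurePosixPath:
    """Lexical check on a client-supplied path fragment (here: a username used as a file name)."""
    decoded = unquote(value)  # decode exactly once; double-encoded forms stay literal
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat Windows separators as separators too
    rel = PurePosixPath(decoded)
    if rel.is_absolute():
        raise TraversalError("absolute path rejected")
    if not rel.parts:
        raise TraversalError("empty path rejected")
    if any(part == ".." for part in rel.parts):
        raise TraversalError("parent-directory reference rejected")
    return rel


def open_user_file(base_dir, value: str) -> Path:
    """Map value to a path under base_dir and verify, after symlink resolution, that it stays there."""
    base = Path(base_dir).resolve()
    rel = normalize_client_path(value)
    target = base.joinpath(*rel.parts).resolve()
    if target != base and base not in target.parents:
        raise TraversalError(f"{value!r} resolves outside {base}")
    return target


def demo() -> Dict[str, str]:
    """Exercise the check in a temporary directory with constructed data; returns probe -> outcome."""
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "profiles"
        base.mkdir()
        (base / "alice.txt").write_text("alice's profile")
        (Path(tmp) / "ServerParameters.xml").write_text("secret")  # deliberately OUTSIDE base
        try:
            os.symlink(tmp, base / "escape")  # a symlink inside base that points out of it
            have_symlink = True
        except (OSError, NotImplementedError):  # unprivileged Windows etc.
            have_symlink = False

        results["alice.txt"] = open_user_file(base, "alice.txt").read_text()
        probes = ["../ServerParameters.xml", "..%2FServerParameters.xml",
                  "..\\ServerParameters.xml", "/etc/passwd", "alice.txt\x00.jpg"]
        if have_symlink:
            probes.append("escape/ServerParameters.xml")  # passes the lexical check, fails resolve
        for probe in probes:
            try:
                open_user_file(base, probe)
                results[probe] = "ALLOWED"
            except TraversalError:
                results[probe] = "blocked"
    return results


if __name__ == "__main__":
    for probe, outcome in demo().items():
        print(f"{probe!r:40} {outcome}")
```

    The symlink probe is the reason the second layer exists: "escape/ServerParameters.xml" contains no ".." and survives the lexical pass, and only comparing the resolved path against the resolved base catches it.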
  • 7.8

    HIGH
    CVE-2025-43929

    open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

    Affected Products : kitty kitty
    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2025-3821

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/...

    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-3822

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password...

    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-54938

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025
  • 4.8

    MEDIUM
    CVE-2024-55451

    A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously cr...

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025
  • 5.4

    MEDIUM
    CVE-2024-55452

    A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-...

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-54934

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025
  • 9.3

    CRITICAL
    CVE-2025-23016

    FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

    Affected Products : fcgi
    • Published: Jan. 10, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption
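    The fcgi2 entry above is an instance of a general rule for wire parsers: two attacker-chosen lengths must never be added together before being checked, because the sum can wrap while each operand is still enormous. The following is an added example written for this page in Python, not code from fcgi2 or from fcgiapp.c: it decodes FCGI_PARAMS name-value pairs using the FastCGI length encoding (one byte when the high bit is clear, four bytes big-endian with the high bit set otherwise), and bounds each length against the bytes actually remaining, one operand at a time. wrapped_total models a C-style 32-bit unsigned sum to make the wrap visible; it is illustrative arithmetic, not a reproduction of the exact expression in fcgiapp.c. The records are constructed, not captured traffic.

```python
from typing import Dict, Tuple

# FastCGI encodes each length in a FCGI_PARAMS name-value pair as 1 byte when the high bit
# is clear, or as 4 bytes big-endian (high bit of the first byte set, then masked off).
FCGI_LEN_MAX = 0x7FFFFFFF


def read_length(buf: bytes, off: int) -> Tuple[int, int]:
    """Decode one length prefix starting at off; return (length, offset after it)."""
    if off >= len(buf):
        raise ValueError("truncated length prefix")
    b0 = buf[off]
    if b0 >> 7 == 0:
        return b0, off + 1
    if off + 4 > len(buf):
        raise ValueError("truncated 4-byte length prefix")
    length = ((b0 & 0x7F) << 24) | (buf[off + 1] << 16) | (buf[off + 2] << 8) | buf[off + 3]
    return length, off + 4


def wrapped_total(name_len: int, value_len: int) -> int:
    """Model of a C-style uint32 sum nameLen + valueLen + 2 (illustrative, not fcgiapp.c's code).

    Two lengths near 2**31 wrap to a tiny value, so a bounds check on the *sum* passes
    and a later allocation or copy uses the huge individual operands.
    """
    return (name_len + value_len + 2) & 0xFFFFFFFF


def parse_params(buf: bytes) -> Dict[bytes, bytes]:
    """Safe decoder: every declared length is compared against what actually remains."""
    out: Dict[bytes, bytes] = {}
    off = 0
    while off < len(buf):
        name_len, off = read_length(buf, off)
        value_len, off = read_length(buf, off)
        remaining = len(buf) - off
        # Check each operand separately; the subtraction cannot go negative because
        # name_len <= remaining has already been established.
        if name_len > remaining or value_len > remaining - name_len:
            raise ValueError(f"declared lengths {name_len}+{value_len} exceed {remaining} remaining bytes")
        name = buf[off:off + name_len]
        off += name_len
        value = buf[off:off + value_len]
        off += value_len
        out[name] = value
    return out


def encode_pair(name: bytes, value: bytes) -> bytes:
    """Encoder used to build constructed test records."""
    def enc(n: int) -> bytes:
        if n < 0x80:
            return bytes([n])
        if n > FCGI_LEN_MAX:
            raise ValueError("length too large for FastCGI encoding")
        return (n | 0x80000000).to_bytes(4, "big")
    return enc(len(name)) + enc(len(value)) + name + value


# Attacker-style record: nameLen and valueLen both 0x7FFFFFFF, followed by no data at all.
CRAFTED = b"\xff\xff\xff\xff" * 2


if __name__ == "__main__":
    record = encode_pair(b"SCRIPT_NAME", b"/index.php") + encode_pair(b"BIG", b"a" * 300)
    print(parse_params(record))
    print(hex(wrapped_total(FCGI_LEN_MAX, FCGI_LEN_MAX)))  # 0x0: a sum-based check would pass
    try:
        parse_params(CRAFTED)
    except ValueError as e:
        print("rejected:", e)
```

    In C the same discipline applies with the added rule that the comparison itself must be done in a type wide enough to hold both operands, or rewritten as a subtraction from the remaining length exactly as above.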
  • 7.5

    HIGH
    CVE-2025-21607

    Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to mak...

    Affected Products : vyper
    • Published: Jan. 14, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2024-21494

    All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/wh...

    Affected Products : caddy-security
    • Published: Feb. 17, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2023-51052

    S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.

    Affected Products : s-cms
    • Published: Dec. 21, 2023
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2023-49032

    An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.

    Affected Products : self_service_password
    • Published: Dec. 21, 2023
    • Modified: Apr. 24, 2025
  • 7.5

    HIGH
    CVE-2022-45645

    Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.

    Affected Products : ac6_firmware ac6
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025
  • 5.4

    MEDIUM
    CVE-2022-44944

    Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or H...

    Affected Products : rukovoditel
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2022-44930

    D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.

    Affected Products : dhp-w310av_firmware dhp-w310av
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293542 Results