Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-54938

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 4.8

    MEDIUM
    CVE-2024-55451

    A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously cr... Read more

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2024-55452

    A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-... Read more

    Affected Products : ujcms
    • Published: Dec. 16, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54934

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.3

    CRITICAL
    CVE-2025-23016

    FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.... Read more

    Affected Products : fcgi
    • Published: Jan. 10, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-21607

    Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to mak... Read more

    Affected Products : vyper
    • Published: Jan. 14, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-21494

    All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/wh... Read more

    Affected Products : caddy-security
    • Published: Feb. 17, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-51052

    S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.... Read more

    Affected Products : s-cms
    • Published: Dec. 21, 2023
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-49032

    An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.... Read more

    Affected Products : self_service_password
    • Published: Dec. 21, 2023
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-45645

    Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-44944

    Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or H... Read more

    Affected Products : rukovoditel
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44930

    D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.... Read more

    Affected Products : dhp-w310av_firmware dhp-w310av
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44929

    An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.... Read more

    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44928

    D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.... Read more

    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2022-44533

    A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the unde... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-44532

    An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sen... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44366

    Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.... Read more

    Affected Products : i21_firmware i21
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44365

    Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.... Read more

    Affected Products : i21_firmware i21
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44363

    Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.... Read more

    Affected Products : i21_firmware i21
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2022-43542

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underly... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293562 Results