Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-3162

    A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deseriali... Read more

    Affected Products : lmdeploy
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-2946

    pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-32464

    HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.... Read more

    Affected Products : haproxy
    • Published: Apr. 09, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2021-36471

    Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. Note: AdminLTE developers dispute that this a weakness with AdminLTE an... Read more

    Affected Products : adminlte
    • Published: Feb. 07, 2023
    • Modified: Apr. 23, 2025

  • 5.5

    MEDIUM
    CVE-2024-57672

    An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.... Read more

    Affected Products : floodlight
    • Published: Feb. 06, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-57673

    An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module... Read more

    Affected Products : floodlight
    • Published: Feb. 06, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-0881

    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possibl... Read more

    • Published: Jan. 30, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-57369

    Clickjacking vulnerability in typecho v1.2.1.... Read more

    Affected Products : typecho
    • Published: Jan. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-55000

    Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php.... Read more

    • Published: Jan. 14, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-56116

    A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.... Read more

    Affected Products : amiro.cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-56115

    A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack.... Read more

    Affected Products : amiro.cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32841

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32839

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-50330

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 12, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-43437

    A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-43439

    A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32844

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 2.7

    LOW
    CVE-2022-3710

    A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.... Read more

    • Published: Dec. 01, 2022
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2022-23143

    ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.... Read more

    Affected Products : otcp_firmware otcp
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025

  • 5.9

    MEDIUM
    CVE-2022-45478

    Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N... Read more

    Affected Products : telepad
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293566 Results