Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2022-35255

    A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it ass... Read more

    Affected Products : debian_linux sinec_ins node.js
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-27773

    A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.... Read more

    Affected Products : endpoint_manager
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2021-39434

    A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.... Read more

    Affected Products : zktime
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2021-34181

    Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.... Read more

    Affected Products : tomexam
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.6

    HIGH
    CVE-2025-29458

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29457

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2022-46089

    Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.... Read more

    • Published: Mar. 07, 2024
    • Modified: Apr. 24, 2025

  • 4.4

    MEDIUM
    CVE-2022-43880

    IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.... Read more

    Affected Products : qradar_wincollect
    • Published: Mar. 03, 2024
    • Modified: Apr. 24, 2025

  • 9.1

    CRITICAL
    CVE-2022-36029

    Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. ... Read more

    Affected Products : greenlight
    • Published: Apr. 25, 2024
    • Modified: Apr. 24, 2025

  • 9.1

    CRITICAL
    CVE-2022-36028

    Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. ... Read more

    Affected Products : greenlight
    • Published: Apr. 25, 2024
    • Modified: Apr. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-3691

    A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch t... Read more

    Affected Products : seven_bears_library_cms
    • Published: Apr. 16, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.0

    HIGH
    CVE-2020-11919

    An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.... Read more

    • Published: Nov. 07, 2024
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2020-11918

    An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the w... Read more

    • Published: Nov. 07, 2024
    • Modified: Apr. 24, 2025

  • 4.3

    MEDIUM
    CVE-2020-11917

    An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to dis... Read more

    • Published: Nov. 07, 2024
    • Modified: Apr. 24, 2025

  • 6.3

    MEDIUM
    CVE-2020-11916

    An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking at... Read more

    • Published: Nov. 07, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2025-3690

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack m... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3684

    A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument s... Read more

    Affected Products : kindergarten_management_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-55238

    OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.... Read more

    Affected Products : openmetadata
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-0755

    The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation... Read more

    Affected Products : libbson mongodb
    • Published: Mar. 18, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-2637

    An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, ... Read more

    Affected Products : automation_runtime
    • Published: May. 14, 2024
    • Modified: Apr. 24, 2025
Showing 20 of 293588 Results