Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-37857

    SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.... Read more

    Affected Products : lost_and_found_information_system
    • Published: Jul. 29, 2024
    • Modified: Apr. 23, 2025

  • 4.7

    MEDIUM
    CVE-2024-24050

    Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.... Read more

    Affected Products : workout_journal_app
    • Published: Mar. 20, 2024
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2023-51302

    PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Opt... Read more

    Affected Products : hotel_booking_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40110

    Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.... Read more

    • Published: Jul. 12, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-51303

    PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.... Read more

    Affected Products : event_ticketing_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2024-40402

    A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.... Read more

    Affected Products : simple_library_management_system
    • Published: Jul. 17, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-43951

    LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-43950

    DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load wit... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43949

    MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-27087

    A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-53568

    A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2022-45758

    SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.... Read more

    Affected Products : sens
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-45479

    PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H... Read more

    Affected Products : pc_keyboard_wifi\&bluetooth
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2022-45292

    User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.... Read more

    Affected Products : funkwhale
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025

  • 9.1

    CRITICAL
    CVE-2022-45290

    Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.... Read more

    Affected Products : kbase_doc
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2022-45275

    An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-45269

    A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.... Read more

    Affected Products : linx_sphere
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 3.5

    LOW
    CVE-2022-45228

    Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.... Read more

    Affected Products : lg01_lora_firmware lg01_lora
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-45227

    The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.... Read more

    Affected Products : lg01_lora_firmware lg01_lora
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-45145

    egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.... Read more

    Affected Products : chicken
    • Published: Dec. 10, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293609 Results