Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-33101

    A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.... Read more

    Affected Products : thinksaas
    • Published: Apr. 30, 2024
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-33338

    Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.... Read more

    Affected Products : jizhicms
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-51254

    Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.... Read more

    Affected Products : jfinalcms
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-46410

    PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature... Read more

    Affected Products : publiccms
    • Published: Oct. 08, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-8488

    The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more

    Affected Products : survey_maker
    • Published: Oct. 08, 2024
    • Modified: Apr. 23, 2025

  • 4.9

    MEDIUM
    CVE-2024-45894

    BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.... Read more

    Affected Products : bluecms bluecms
    • Published: Oct. 07, 2024
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2024-46078

    itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.... Read more

    • Published: Oct. 04, 2024
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2024-41290

    FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.... Read more

    Affected Products : flatpress
    • Published: Oct. 02, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-48454

    An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component... Read more

    • Published: Oct. 24, 2024
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-30354

    OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers.... Read more

    Affected Products : ovaledge
    • Published: Oct. 25, 2024
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2025-29394

    An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2022-4123

    A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.... Read more

    Affected Products : fedora podman
    • Published: Dec. 08, 2022
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-4122

    A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.... Read more

    Affected Products : fedora podman
    • Published: Dec. 08, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45968

    Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).... Read more

    Affected Products : alist
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-45910

    Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, a... Read more

    Affected Products : manifoldcf
    • Published: Dec. 07, 2022
    • Modified: Apr. 22, 2025

  • 4.8

    MEDIUM
    CVE-2022-44213

    ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : automatic_data_master_server
    • Published: Dec. 09, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-44031

    Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.... Read more

    Affected Products : redmine
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.3

    CRITICAL
    CVE-2022-41559

    The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vuln... Read more

    Affected Products : nimbus
    • Published: Dec. 06, 2022
    • Modified: Apr. 22, 2025

  • 4.9

    MEDIUM
    CVE-2022-40939

    In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2... Read more

    Affected Products : secustation_firmware secustation
    • Published: Dec. 08, 2022
    • Modified: Apr. 22, 2025

  • 4.8

    MEDIUM
    CVE-2022-3906

    The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : easy_form_builder
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293667 Results