Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-29462

    A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the ...

    Affected Products : ac15_firmware ac15
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-29453

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component....

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-29454

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function....

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-29455

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the "Travel Ideas" function....

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-29456

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function....

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2024-45235

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field....

    Affected Products : fort_validator
    • Published: Aug. 24, 2024
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2024-45238

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. Open...

    Affected Products : fort_validator
    • Published: Aug. 24, 2024
    • Modified: Apr. 22, 2025
  • 5.3

    MEDIUM
    CVE-2024-56169

    A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields inc...

    Affected Products : fort_validator
    • Published: Dec. 18, 2024
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2024-33307

    SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User....

    Affected Products : laboratory_management_system
    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2025-3131

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery. This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, fr...

    Affected Products : eca\
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.3

    MEDIUM
    CVE-2024-33302

    SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users....

    • Published: May. 02, 2024
    • Modified: Apr. 22, 2025
  • 8.2

    HIGH
    CVE-2024-33303

    SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users....

    • Published: May. 02, 2024
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2024-23910

    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. ...

    • Published: Feb. 28, 2024
    • Modified: Apr. 22, 2025
  • 5.5

    MEDIUM
    CVE-2023-52490

    In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointe...

    Affected Products : linux_kernel
    • Published: Mar. 11, 2024
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2023-51696

    Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. ...

    • Published: Feb. 29, 2024
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2022-46343

    A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is runn...

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2022-46342

    A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se...

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2022-46341

    A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems w...

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2022-46340

    A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput req...

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2022-46256

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the...

    Affected Products : enterprise_server
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293633 Results