Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-51332

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of genera... Read more

    Affected Products : meeting_room_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-26304

    A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.... Read more

    Affected Products : libming
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-26305

    A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.... Read more

    Affected Products : libming
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-25958

    Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.... Read more

    Affected Products : phpcms
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-25960

    Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator.... Read more

    Affected Products : phpcms
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-25767

    A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.... Read more

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-27135

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of pub... Read more

    Affected Products : ragflow
    • Published: Feb. 25, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-2953

    A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h... Read more

    Affected Products : pytorch
    • Published: Mar. 30, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-32176

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator Gallery Blocks with Lightbox allows Stored XSS.This issue affects Gallery Blocks with Lightbox: from n/a through 3.2.5.... Read more

    • Published: Apr. 04, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2022-45685

    A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.... Read more

    Affected Products : debian_linux jettison
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-45028

    A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.... Read more

    Affected Products : nvg443b_firmware nvg443b
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-45005

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.... Read more

    Affected Products : ew9_firmware ew9
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-44874

    wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.... Read more

    Affected Products : wasm3
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 4.6

    MEDIUM
    CVE-2022-44636

    The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-44575

    A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by t... Read more

    Affected Products : plm_help_server
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-31698

    The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafte... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-46364

    A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. ... Read more

    Affected Products : cxf
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-46363

    A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect... Read more

    Affected Products : cxf
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-46353

    A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-46352

    A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293545 Results