Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-41525

    Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php....

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2023-40992

    Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter....

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-4445

    The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authent...

    Affected Products : wp_compress
    • Published: May. 14, 2024
    • Modified: Aug. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-37119

    Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0....

    Affected Products : uncanny_automator
    • Published: Nov. 01, 2024
    • Modified: Aug. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-37470

    Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8....

    Affected Products : woffice
    • Published: Nov. 01, 2024
    • Modified: Aug. 11, 2025
  • 8.6

    HIGH
    CVE-2024-20351

    A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be d...

    • Published: Oct. 23, 2024
    • Modified: Aug. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-25613

    An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. ...

    Affected Products : identity_backend kerby_ldap_backend
    • EPSS Score: 0.13%
    • Published: Feb. 20, 2023
    • Modified: Aug. 11, 2025
  • 8.6

    HIGH
    CVE-2024-20342

    Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerability is due to an ...

    • Published: Oct. 23, 2024
    • Modified: Aug. 11, 2025
  • 9.1

    CRITICAL
    CVE-2024-12267

    The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3....

    • Published: Jan. 31, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-2331

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it ...

    Affected Products : givewp
    • Published: Mar. 22, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-8582

    Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-8578

    Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-8576

    Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 4.3

    MEDIUM
    CVE-2025-1320

    The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers ...

    Affected Products : teachpress
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.8

    HIGH
    CVE-2025-2530

    Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ...

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-2531

    Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this ...

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2023-47470

    Buffer Overflow vulnerability in FFmpeg before GitHub commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct functi...

    Affected Products : ffmpeg
    • EPSS Score: 1.36%
    • Published: Nov. 16, 2023
    • Modified: Aug. 11, 2025
  • 7.5

    HIGH
    CVE-2024-22861

    Integer overflow vulnerability in FFmpeg before n6.1 allows attackers to cause a denial of service (DoS) via the avcodec/osq module....

    Affected Products : ffmpeg
    • EPSS Score: 0.02%
    • Published: Jan. 27, 2024
    • Modified: Aug. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-22862

    Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the JPEG XL Parser....

    Affected Products : ffmpeg
    • EPSS Score: 2.00%
    • Published: Jan. 27, 2024
    • Modified: Aug. 11, 2025
  • 5.5

    MEDIUM
    CVE-2023-46407

    FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function....

    Affected Products : ffmpeg
    • EPSS Score: 0.02%
    • Published: Oct. 27, 2023
    • Modified: Aug. 11, 2025
Showing 20 of 291401 Results