Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2024-5271

    Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 30, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2024-52047

    A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s... Read more

    Affected Products : apex_one
    • Published: Dec. 31, 2024
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-4940

    An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Sid... Read more

    Affected Products : gradio
    • Published: Jun. 22, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2021-39081

    IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Dec. 19, 2024
    • Modified: Jul. 29, 2025

  • 7.5

    HIGH
    CVE-2021-3978

    When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.ser... Read more

    Affected Products : octorpki
    • Published: Jan. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2021-4458

    The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied para... Read more

    Affected Products : modern_events_calendar_lite
    • Published: Jul. 12, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2023-39804

    In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.... Read more

    Affected Products : tar
    • Published: Mar. 27, 2024
    • Modified: Jul. 29, 2025

  • 6.3

    MEDIUM
    CVE-2023-47252

    An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it ... Read more

    Affected Products : kernel
    • Published: Apr. 26, 2024
    • Modified: Jul. 29, 2025

  • 9.3

    CRITICAL
    CVE-2024-10044

    A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to explo... Read more

    Affected Products : fastchat
    • Published: Dec. 30, 2024
    • Modified: Jul. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-11180

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and o... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Mar. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-50492

    Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : e-diary_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50491

    Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : bank_locker_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50489

    Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : student_result_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50488

    Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : online_library_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50494

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : car_washing_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50493

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.... Read more

    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50490

    Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : student_result_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50486

    Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : e-diary_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50485

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : online_course_registration
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50487

    Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.... Read more

    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 292802 Results