Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-32715

    Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-56493

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2025-27487

    Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-0900

    PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-56494

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-56495

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-56496

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2022-40847

    In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.... Read more

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-40845

    The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose s... Read more

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025

  • 4.9

    MEDIUM
    CVE-2022-40843

    The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.... Read more

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42053

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function.... Read more

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025

  • 4.8

    MEDIUM
    CVE-2022-40846

    In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname.... Read more

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-25763

    crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php... Read more

    Affected Products : crmeb
    • Published: Mar. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2022-40844

    In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL b... Read more

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-12607

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user suppli... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-12609

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient p... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-40733

    Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php.... Read more

    Affected Products : daily_expense_manager
    • Published: Jun. 30, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-56518

    Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.... Read more

    Affected Products : management_center
    • Published: Apr. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-40734

    Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php.... Read more

    Affected Products : daily_expense_manager
    • Published: Jun. 30, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12610

    The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and includin... Read more

    Affected Products : school_management_system
    • Published: Mar. 07, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 293625 Results