Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2019-3610

    Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.... Read more

    Affected Products : windows true_key
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2024-0640

    A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin ... Read more

    Affected Products : chatwoot
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-53500

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MassEditRegex Extension allows Stored XSS.This issue affects Mediawiki - MassEditRegex Extension: from 1.39.X bef... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-1461

    Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a  Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss  ... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2023-48366

    Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Race Condition

  • 5.6

    MEDIUM
    CVE-2024-31068

    Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2025-26158

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.... Read more

    • Published: Feb. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-20009

    Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2025-20034

    Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2025-51650

    An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.... Read more

    Affected Products : foxcms foxcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 5.6

    MEDIUM
    CVE-2025-27498

    aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification ca... Read more

    Affected Products : aes-gcm
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2024-10075

    The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.... Read more

    Affected Products : jetpack
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2024-12863

    Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-2182

    A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A use... Read more

    Affected Products : pan-os
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2024-53683

    A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the in... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2024-42189

    HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2019-19751

    easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.... Read more

    Affected Products :
    • Published: Apr. 30, 2024
    • Modified: Mar. 28, 2025

  • 5.6

    MEDIUM
    CVE-2025-5916

    A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a mali... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-1055

    A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with th... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2024-53423

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.... Read more

    Affected Products : onos
    • Published: May. 29, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Denial of Service
Showing 20 of 294836 Results