Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-28666

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php... Read more

    Affected Products : dedecms
    • Published: Mar. 13, 2024
    • Modified: Apr. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-4104

    A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.... Read more

    Affected Products : lepton
    • Published: Nov. 28, 2022
    • Modified: Apr. 14, 2025

  • 5.5

    MEDIUM
    CVE-2024-29952

    A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 17, 2024
    • Modified: Feb. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-35593

    An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products :
    • Published: May. 24, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-6049

    phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.... Read more

    Affected Products : phpmyfaq
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23234

    SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.... Read more

    Affected Products : snapcenter
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-41288

    A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Team... Read more

    Affected Products : jt2go teamcenter_visualization
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-37294

    Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-41696

    Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.... Read more

    Affected Products : vbase vbase_automation_base
    • Published: Mar. 21, 2023
    • Modified: Jan. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-33613

    axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.... Read more

    Affected Products : axtls
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 5.5

    MEDIUM
    CVE-2023-6381

    Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attac... Read more

    Affected Products : supermailer
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46545

    Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : mjs
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-29751

    An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.... Read more

    Affected Products : navigator
    • Published: Jun. 09, 2023
    • Modified: Jan. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-6701

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.... Read more

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024

  • 5.5

    MEDIUM
    CVE-2021-27641

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-4207

    The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : image_hover_effects_ultimate
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-38684

    In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 04, 2023
    • Modified: Apr. 10, 2025

  • 5.5

    MEDIUM
    CVE-2023-3488

    Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. ... Read more

    Affected Products : gecko_software_development_kit
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-8633

    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This mak... Read more

    Affected Products : form_maker
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-8992

    Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.... Read more

    Affected Products : magic_os magicos
    • Published: Dec. 26, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 293636 Results