Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2025-28233

    Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract ses...

    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
  • 9.1

    CRITICAL
    CVE-2025-3200

    An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems....

    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography
  • 9.1

    CRITICAL
    CVE-2025-45953

    A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely...

    Affected Products : hostel_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-4118

    A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper acces...

    Affected Products : wetong_mall mall
    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2024-12225

    A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers pro...

    Affected Products : quarkus
    • Published: May. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-47549

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10....

    • Published: May. 07, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration
  • 9.1

    CRITICAL
    CVE-2025-31493

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a coll...

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2023-50475

    An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js....

    Affected Products : bcoin
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-50731

    MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterward...

    Affected Products : mindsdb
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-5376

    An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01....

    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-52106

    Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability....

    Affected Products : emui harmonyos
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-45790

    The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values includ...

    • Published: Jan. 22, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-1359

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability...

    Affected Products : enterprise_server
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-1372

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerabilit...

    Affected Products : enterprise_server
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-1374

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploi...

    Affected Products : enterprise_server
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-25141

    When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue....

    • Published: Feb. 20, 2024
    • Modified: Apr. 28, 2025
  • 9.1

    CRITICAL
    CVE-2024-27561

    A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter....

    Affected Products : wondercms
    • Published: Mar. 05, 2024
    • Modified: Jan. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-2557

    A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated ...

    Affected Products : food_waste_management_system
    • Published: Mar. 17, 2024
    • Modified: May. 07, 2025
  • 9.1

    CRITICAL
    CVE-2024-25294

    An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters....

    Affected Products : rebuild
    • Published: Mar. 20, 2024
    • Modified: Jun. 17, 2025
  • 9.1

    CRITICAL
    CVE-2024-29866

    Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges....

    Affected Products : seq
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 294863 Results