Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-29306

    An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component....

    Affected Products : foxcms
    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2024-25251

    code-projects Agro-School Management System 1.0 suffers from Incorrect Access Control....

    • Published: Feb. 22, 2024
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2024-21116

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

    Affected Products : linux_kernel vm_virtualbox
    • Published: Apr. 16, 2024
    • Modified: Jun. 09, 2025
  • 8.6

    HIGH
    CVE-2024-21136

    Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated att...

    Affected Products : retail_xstore_office
    • Published: Jul. 16, 2024
    • Modified: Jun. 09, 2025
  • 7.1

    HIGH
    CVE-2024-21026

    Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with netw...

    • Published: Apr. 16, 2024
    • Modified: Jun. 09, 2025
  • 9.1

    CRITICAL
    CVE-2024-21175

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

    Affected Products : weblogic_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2023-5388

    NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9....

    • Published: Mar. 19, 2024
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2024-12976

    A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to SQL injection. The att...

    • Published: Dec. 27, 2024
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2024-53901

    The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image....

    Affected Products : imager imager
    • Published: Nov. 24, 2024
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2025-2917

    A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch t...

    Affected Products : chestnutcms chestnutcms
    • Published: Mar. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2024-24304

    In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction....

    Affected Products : mailjet
    • Published: Feb. 07, 2024
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2024-24188

    Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c....

    Affected Products : jsish
    • Published: Feb. 07, 2024
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2024-24021

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list....

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: Jun. 09, 2025
  • 5.6

    MEDIUM
    CVE-2024-11616

    Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and t...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jun. 09, 2025
  • 6.4

    MEDIUM
    CVE-2023-42983

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks....

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service
  • 8.1

    HIGH
    CVE-2024-22873

    Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST reques...

    • Published: Feb. 26, 2024
    • Modified: Jun. 09, 2025
  • 5.9

    MEDIUM
    CVE-2024-27995

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMe...

    Affected Products : armember
    • Published: Mar. 21, 2024
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2025-32926

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n/a through 7.0....

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-32925

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion. This issue affects SUMO Reward Points: from n/a through 30.7.0....

    Affected Products : sumo_reward_points
    • Published: May. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2024-3963

    The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

    • Published: Jul. 13, 2024
    • Modified: Jun. 09, 2025
Showing 20 of 293289 Results