Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-24054

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-24985

    Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-30397

    Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.... Read more

    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-37226

    Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37227

    Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37231

    Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-43953

    SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.... Read more

    Affected Products : sscms sscms
    • EPSS Score: %0.09
    • Published: Oct. 03, 2023
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-51360

    An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file... Read more

    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-51108

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a craf... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-51107

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted p... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-51101

    PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php.... Read more

    Affected Products : restaurant_table_booking_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-48702

    PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.... Read more

    Affected Products : old_age_home_management_system
    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-24140

    Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'... Read more

    Affected Products : daily_habit_tracker
    • EPSS Score: %2.82
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-24134

    Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.... Read more

    Affected Products : online_food_menu
    • EPSS Score: %0.88
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-23739

    An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.... Read more

    Affected Products : macos discord
    • EPSS Score: %30.37
    • Published: Jan. 28, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-22639

    iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface.... Read more

    Affected Products : igalerie
    • EPSS Score: %0.21
    • Published: Jan. 25, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-22559

    LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.... Read more

    Affected Products : lightcms
    • EPSS Score: %0.08
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-22551

    WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.... Read more

    Affected Products : whatacart
    • EPSS Score: %0.09
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 7.8

    HIGH
    CVE-2024-22545

    An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.... Read more

    Affected Products : tew-824dru_firmware tew-824dru
    • EPSS Score: %0.11
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 10.0

    CRITICAL
    CVE-2024-20253

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-pr... Read more

    • EPSS Score: %3.03
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025
Showing 20 of 291741 Results