Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-24041

    A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-jou...

    • EPSS Score: %0.21
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2024-23940

    Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a lib...

    • EPSS Score: %0.06
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025
  • 7.5

    HIGH
    CVE-2024-23775

    Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension()....

    Affected Products : mbed_tls
    • EPSS Score: %0.29
    • Published: Jan. 31, 2024
    • Modified: May. 29, 2025
  • 6.1

    MEDIUM
    CVE-2024-23034

    Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL....

    Affected Products : eyoucms
    • EPSS Score: %0.22
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 6.1

    MEDIUM
    CVE-2024-23033

    Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL....

    Affected Products : eyoucms
    • EPSS Score: %0.22
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2024-22938

    Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component....

    Affected Products : bosscms
    • EPSS Score: %0.03
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2024-22859

    Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes ...

    Affected Products : livewire
    • EPSS Score: %2.19
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 5.3

    MEDIUM
    CVE-2024-22647

    A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with vali...

    Affected Products : seo_panel
    • EPSS Score: %0.17
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 7.2

    HIGH
    CVE-2024-1069

    The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administ...

    • EPSS Score: %2.85
    • Published: Jan. 31, 2024
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2024-1060

    Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.51
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 4.8

    MEDIUM
    CVE-2023-6165

    The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    • EPSS Score: %0.08
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-51982

    CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to...

    Affected Products : cratedb
    • EPSS Score: %0.04
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 8.2

    HIGH
    CVE-2023-51843

    react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set....

    Affected Products : react_dashboard
    • EPSS Score: %0.10
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-51837

    Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation....

    Affected Products : meshcentral
    • EPSS Score: %0.08
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 5.5

    MEDIUM
    CVE-2023-42706

    In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.02
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 5.5

    MEDIUM
    CVE-2023-42698

    In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.01
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2023-42685

    In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.02
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2023-42681

    In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.02
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2023-37518

    HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. ...

    Affected Products : bigfix_servicenow_data_flow
    • EPSS Score: %0.12
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 5.4

    MEDIUM
    CVE-2023-36259

    Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation....

    Affected Products : craft_cms
    • EPSS Score: %0.09
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
Showing 20 of 291736 Results