Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-50614

    An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.... Read more

    Affected Products : e880-ir01_firmware e880-ir01
    • EPSS Score: %0.06
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-50028

    In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.... Read more

    Affected Products : sliding_cart_block
    • EPSS Score: %0.14
    • Published: Jan. 19, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-49943

    Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.... Read more

    Affected Products : manageengine_servicedesk_plus_msp
    • EPSS Score: %0.84
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-48858

    A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.18
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 5.5

    MEDIUM
    CVE-2023-48345

    In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.01
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-46952

    Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.14
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 2.7

    LOW
    CVE-2023-2252

    The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.... Read more

    Affected Products : directorist
    • EPSS Score: %11.53
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-27168

    An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.... Read more

    Affected Products : write-back_manager
    • EPSS Score: %0.24
    • Published: Jan. 19, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-0769

    The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.... Read more

    Affected Products : migration_simple
    • EPSS Score: %0.28
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-0376

    The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S... Read more

    Affected Products : qubely
    • EPSS Score: %0.23
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-21726

    Inadequate content filtering leads to XSS vulnerabilities in various components.... Read more

    Affected Products : joomla\!
    • Published: Feb. 29, 2024
    • Modified: Jun. 02, 2025

  • 6.4

    MEDIUM
    CVE-2023-50726

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be l... Read more

    Affected Products : argo-cd argo_cd
    • Published: Mar. 13, 2024
    • Modified: Jun. 02, 2025

  • 8.8

    HIGH
    CVE-2024-25228

    Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.... Read more

    Affected Products : vinchin_backup_and_recovery
    • Published: Mar. 14, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2024-28069

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacke... Read more

    Affected Products : micontact_center_business
    • Published: Mar. 16, 2024
    • Modified: Jun. 02, 2025

  • 6.8

    MEDIUM
    CVE-2024-28070

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit co... Read more

    Affected Products : micontact_center_business
    • Published: Mar. 16, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-28123

    Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the d... Read more

    Affected Products : wasmi
    • Published: Mar. 21, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2024-28286

    In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash... Read more

    Affected Products : libiec61850
    • Published: Mar. 21, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-26468

    A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL.... Read more

    Affected Products : url_pages
    • Published: Feb. 26, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-26467

    A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.... Read more

    Affected Products : railroad-diagram_generator
    • Published: Feb. 26, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2025-21605

    Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Re... Read more

    Affected Products : redis
    • Published: Apr. 23, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292247 Results