Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.7

    HIGH
    CVE-2025-4991

    A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.8

    MEDIUM
    CVE-2024-23589

    Due to an outdated hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data efficiently using brute-force or dictionary attacks on modern hardware such as GPUs or ASICs...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cryptography
  • 9.1

    CRITICAL
    CVE-2023-45929

    S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr()....

    Affected Products : s-lang
    • Published: Mar. 27, 2024
    • Modified: May. 30, 2025
  • 8.4

    HIGH
    CVE-2025-46688

    quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected....

    Affected Products : quickjs quickjs
    • Published: Apr. 27, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2023-27113

    pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php....

    Affected Products : pearprojectapi
    • Published: Jan. 21, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-27112

    pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php....

    Affected Products : pearprojectapi
    • Published: Jan. 21, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2023-43850

    Improper input validation in the user management function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of the web interface via an HTTP POST request....

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 8.0

    HIGH
    CVE-2023-43848

    Incorrect access control in the firewall management function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via an HTTP POST request....

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 5.3

    MEDIUM
    CVE-2023-43847

    Incorrect access control in the outlet control function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests....

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 5.3

    MEDIUM
    CVE-2023-43846

    Incorrect access control in the logs management function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via an HTTP GET request. The logs contain such information as user names and IP addresses used in the infr...

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-43845

    Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges....

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 8.0

    HIGH
    CVE-2023-43844

    Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileg...

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 6.5

    MEDIUM
    CVE-2023-43849

    Incorrect access control in the firmware upgrade function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution....

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-44084

    D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system....

    Affected Products : di-8100 di-8100g_firmware
    • Published: May. 20, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2024-28061

    An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass of the protection in place to access the data stored in the embedded database file....

    Affected Products :
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 7.3

    HIGH
    CVE-2024-28060

    An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed....

    Affected Products :
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 4.7

    MEDIUM
    CVE-2024-25676

    An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading....

    Affected Products :
    • Published: May. 01, 2024
    • Modified: May. 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-24721

    An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: May. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-24720

    An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system....

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: May. 30, 2025
  • 7.8

    HIGH
    CVE-2023-51711

    An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0. It allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed....

    Affected Products : regipay
    • EPSS Score: 0.03%
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025
Showing 20 of 292247 Results