Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2023-43849

    Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-44084

    D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system.... Read more

    Affected Products : di-8100 di-8100g_firmware
    • Published: May. 20, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-28061

    An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.... Read more

    Affected Products :
    • Published: May. 28, 2024
    • Modified: May. 30, 2025

  • 7.3

    HIGH
    CVE-2024-28060

    An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed.... Read more

    Affected Products :
    • Published: May. 28, 2024
    • Modified: May. 30, 2025

  • 4.7

    MEDIUM
    CVE-2024-25676

    An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.... Read more

    Affected Products :
    • Published: May. 01, 2024
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-24721

    An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel... Read more

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: May. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-24720

    An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system.... Read more

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2023-51711

    An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.... Read more

    Affected Products : regipay
    • EPSS Score: %0.03
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2023-50872

    The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mention... Read more

    Affected Products :
    • Published: Apr. 16, 2024
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2023-48644

    An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrat... Read more

    Affected Products : archibus
    • Published: Mar. 05, 2024
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2023-41103

    Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.... Read more

    Affected Products : interact
    • EPSS Score: %0.10
    • Published: Sep. 11, 2023
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2023-35792

    Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).... Read more

    Affected Products : intella_connect
    • EPSS Score: %0.08
    • Published: Jul. 31, 2023
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2023-35791

    Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.... Read more

    Affected Products : intella_connect
    • EPSS Score: %0.07
    • Published: Jul. 31, 2023
    • Modified: May. 30, 2025

  • 8.7

    HIGH
    CVE-2023-31223

    Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.... Read more

    Affected Products : dradis
    • EPSS Score: %0.10
    • Published: Apr. 25, 2023
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2023-29505

    An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.... Read more

    • EPSS Score: %0.28
    • Published: Aug. 04, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-28152

    An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jword
    • EPSS Score: %0.04
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-28151

    An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jspreadsheet
    • EPSS Score: %0.04
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-28150

    An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jodf
    • EPSS Score: %0.04
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 7.1

    HIGH
    CVE-2023-26099

    An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.... Read more

    Affected Products : apsal
    • EPSS Score: %0.03
    • Published: Apr. 24, 2023
    • Modified: May. 30, 2025

  • 8.2

    HIGH
    CVE-2023-26098

    An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.... Read more

    Affected Products : apsal
    • EPSS Score: %0.04
    • Published: Apr. 25, 2023
    • Modified: May. 30, 2025
Showing 20 of 292275 Results