Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2024-22776

    Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.... Read more

    Affected Products : wallos
    • Published: Feb. 23, 2024
    • Modified: Jun. 03, 2025

  • 8.1

    HIGH
    CVE-2024-29320

    Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.... Read more

    Affected Products : wallos
    • Published: Apr. 30, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-55371

    Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authentic... Read more

    Affected Products : wallos
    • Published: Apr. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-55372

    Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unaut... Read more

    Affected Products : wallos
    • Published: Apr. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-51508

    Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.... Read more

    Affected Products : tikiwiki_cms\/groupware tiki
    • Published: Oct. 28, 2024
    • Modified: Jun. 03, 2025

  • 4.8

    MEDIUM
    CVE-2024-51509

    Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.... Read more

    Affected Products : tikiwiki_cms\/groupware tiki
    • Published: Oct. 28, 2024
    • Modified: Jun. 03, 2025

  • 4.8

    MEDIUM
    CVE-2024-51507

    Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.... Read more

    Affected Products : tikiwiki_cms\/groupware tiki
    • Published: Oct. 28, 2024
    • Modified: Jun. 03, 2025

  • 4.8

    MEDIUM
    CVE-2024-51506

    Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.... Read more

    Affected Products : tikiwiki_cms\/groupware tiki
    • Published: Oct. 28, 2024
    • Modified: Jun. 03, 2025

  • 5.0

    MEDIUM
    CVE-2025-47226

    Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.... Read more

    Affected Products : snipe-it
    • Published: May. 02, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2020-16165

    The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.... Read more

    Affected Products : springblade springblade
    • EPSS Score: %0.24
    • Published: Jul. 30, 2020
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-33332

    An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.... Read more

    Affected Products : springblade
    • Published: Apr. 30, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2024-43033

    JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: thi... Read more

    Affected Products : windows jpress
    • Published: Aug. 22, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-32358

    An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.... Read more

    Affected Products : jpress
    • Published: Apr. 25, 2024
    • Modified: Jun. 03, 2025

  • 6.2

    MEDIUM
    CVE-2024-51058

    Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.... Read more

    Affected Products : tcpdf
    • Published: Nov. 26, 2024
    • Modified: Jun. 03, 2025

  • 7.3

    HIGH
    CVE-2024-35061

    NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote cod... Read more

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-35060

    An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.... Read more

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-35059

    An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands.... Read more

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025

  • 5.9

    MEDIUM
    CVE-2025-4516

    There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= ha... Read more

    Affected Products : python
    • Published: May. 15, 2025
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-23178

    An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.38
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-23177

    An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.42
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292714 Results