Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.0

    MEDIUM
    CVE-2025-47226

    Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information....

    Affected Products : snipe-it
    • Published: May. 02, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2020-16165

    The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters....

    Affected Products : springblade springblade
    • EPSS Score: %0.24
    • Published: Jul. 30, 2020
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2024-33332

    An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant....

    Affected Products : springblade
    • Published: Apr. 30, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2024-43033

    JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: thi...

    Affected Products : windows jpress
    • Published: Aug. 22, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2024-32358

    An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033....

    Affected Products : jpress
    • Published: Apr. 25, 2024
    • Modified: Jun. 03, 2025
  • 6.2

    MEDIUM
    CVE-2024-51058

    Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information....

    Affected Products : tcpdf
    • Published: Nov. 26, 2024
    • Modified: Jun. 03, 2025
  • 7.3

    HIGH
    CVE-2024-35061

    NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote cod...

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2024-35060

    An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file....

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2024-35059

    An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands....

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025
  • 5.9

    MEDIUM
    CVE-2025-4516

    There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= ha...

    Affected Products : python
    • Published: May. 15, 2025
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-23178

    An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message....

    Affected Products : mediawiki
    • EPSS Score: %0.38
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2024-23177

    An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter....

    Affected Products : mediawiki
    • EPSS Score: %0.42
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2024-23173

    An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in...

    Affected Products : mediawiki
    • EPSS Score: %0.42
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-22494

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML....

    Affected Products : jfinalcms
    • EPSS Score: %0.05
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-22492

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML....

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 4.6

    MEDIUM
    CVE-2024-22028

    Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the in...

    • EPSS Score: %0.04
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025
  • 2.4

    LOW
    CVE-2024-0230

    A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic....

    • EPSS Score: %5.16
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 6.4

    MEDIUM
    CVE-2023-7071

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization...

    Affected Products : essential_blocks
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 4.3

    MEDIUM
    CVE-2023-7048

    The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthentica...

    Affected Products : my_sticky_bar
    • EPSS Score: %0.12
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 4.3

    MEDIUM
    CVE-2023-7019

    The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. ...

    Affected Products : lightstart
    • EPSS Score: %0.10
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025