Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2024-46257

    A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5....

    • Published: Sep. 27, 2024
    • Modified: Jun. 03, 2025
  • 8.0

    HIGH
    CVE-2023-49528

    Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component....

    Affected Products : fedora ffmpeg
    • Published: Apr. 12, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2024-6119

    Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal terminati...

    • Published: Sep. 03, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-0579

    A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command inject...

    Affected Products : x2000r_firmware x2000r
    • EPSS Score: 1.02%
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 7.1

    HIGH
    CVE-2023-4387

    A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up...

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: 0.02%
    • Published: Aug. 16, 2023
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-48863

    SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some at...

    Affected Products : semcms
    • EPSS Score: 0.24%
    • Published: Dec. 04, 2023
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-48842

    D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi....

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • EPSS Score: 19.39%
    • Published: Dec. 01, 2023
    • Modified: Jun. 03, 2025
  • 7.8

    HIGH
    CVE-2023-48645

    An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search wo...

    Affected Products : archibus
    • EPSS Score: 0.03%
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-23782

    Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver....

    Affected Products : a-blog_cms
    • EPSS Score: 0.38%
    • Published: Jan. 28, 2024
    • Modified: Jun. 02, 2025
  • 7.5

    HIGH
    CVE-2023-51842

    An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16....

    Affected Products : meshcentral
    • EPSS Score: 0.19%
    • Published: Jan. 29, 2024
    • Modified: Jun. 02, 2025
  • 7.2

    HIGH
    CVE-2023-49038

    Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root....

    Affected Products : ls210d_firmware ls210d
    • EPSS Score: 1.03%
    • Published: Jan. 29, 2024
    • Modified: Jun. 02, 2025
  • 4.8

    MEDIUM
    CVE-2025-31682

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS). This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8....

    Affected Products : drupal google_tag
    • Published: Mar. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.8

    MEDIUM
    CVE-2025-31683

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery. This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8....

    Affected Products : drupal google_tag
    • Published: Mar. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.8

    MEDIUM
    CVE-2025-31680

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from 0.0.0 before 1.24.0....

    Affected Products : drupal matomo_analytics
    • Published: Mar. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.1

    HIGH
    CVE-2025-25090

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS. This issue affects Dreamstime Stock Photos: from n/a through 4.1....

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2023-7200

    The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : eventon
    • EPSS Score: 0.32%
    • Published: Jan. 29, 2024
    • Modified: Jun. 02, 2025
  • 7.1

    HIGH
    CVE-2023-6279

    The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a ...

    Affected Products : sites_library
    • EPSS Score: 0.11%
    • Published: Jan. 29, 2024
    • Modified: Jun. 02, 2025
  • 7.6

    HIGH
    CVE-2023-50854

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack. This issue affects Squirrly SEO - Advanced Pack: from n/a before 2.4.02....

    Affected Products : seo_plugin_by_squirrly_seo
    • EPSS Score: 0.14%
    • Published: Dec. 28, 2023
    • Modified: Jun. 02, 2025
  • 7.5

    HIGH
    CVE-2023-46838

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transfer...

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: 0.09%
    • Published: Jan. 29, 2024
    • Modified: Jun. 02, 2025
  • 9.8

    CRITICAL
    CVE-2025-31681

    Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6....

    Affected Products : drupal authenticator_login
    • Published: Mar. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 292650 Results