Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-54188

    Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization
  • 8.4

    HIGH
    CVE-2024-41340

    An issue in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2...

    • Published: Feb. 27, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration
  • 8.0

    HIGH
    CVE-2024-41592

    DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.

    • Published: Oct. 03, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2025-4696

    A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to ...

    Affected Products : cyber_cafe_management_system
    • Published: May. 15, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-32814

    An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-32815

    An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-5149

    A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid lead...

    Affected Products : wcms
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-5150

    A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled mod...

    Affected Products : docarray
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-5151

    A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code in...

    Affected Products : introspect
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-5152

    A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql inj...

    Affected Products : chanjet_cms
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2025-5153

    A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. ...

    Affected Products : cms_made_simple
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-46256

    A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

    • Published: Sep. 27, 2024
    • Modified: Jun. 03, 2025
  • 6.3

    MEDIUM
    CVE-2024-46257

    A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.

    • Published: Sep. 27, 2024
    • Modified: Jun. 03, 2025
  • 8.0

    HIGH
    CVE-2023-49528

    Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.

    Affected Products : fedora ffmpeg
    • Published: Apr. 12, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2024-6119

    Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal terminati...

    • Published: Sep. 03, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-0579

    A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command inject...

    Affected Products : x2000r_firmware x2000r
    • EPSS Score: 1.02%
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 7.1

    HIGH
    CVE-2023-4387

    A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up...

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: 0.02%
    • Published: Aug. 16, 2023
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-48863

    SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some at...

    Affected Products : semcms
    • EPSS Score: 0.24%
    • Published: Dec. 04, 2023
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-48842

    D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • EPSS Score: 19.39%
    • Published: Dec. 01, 2023
    • Modified: Jun. 03, 2025
  • 7.8

    HIGH
    CVE-2023-48645

    An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search wo...

    Affected Products : archibus
    • EPSS Score: 0.03%
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292714 Results