Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-28123

    Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the d... Read more

    Affected Products : wasmi
    • Published: Mar. 21, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2024-28286

    In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash... Read more

    Affected Products : libiec61850
    • Published: Mar. 21, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-26468

    A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL.... Read more

    Affected Products : url_pages
    • Published: Feb. 26, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-26467

    A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.... Read more

    Affected Products : railroad-diagram_generator
    • Published: Feb. 26, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2022-37620

    A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 31, 2022
    • Modified: Jun. 01, 2025

  • 5.6

    MEDIUM
    CVE-2025-1647

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.... Read more

    Affected Products : bootstrap
    • Published: May. 15, 2025
    • Modified: Jun. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2022-41322

    In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.... Read more

    Affected Products : fedora kitty
    • EPSS Score: %0.87
    • Published: Sep. 23, 2022
    • Modified: Jun. 01, 2025

  • 6.5

    MEDIUM
    CVE-2025-5321

    A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfra... Read more

    Affected Products : aim
    • Published: May. 29, 2025
    • Modified: Jun. 01, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-5320

    A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possi... Read more

    Affected Products : gradio
    • Published: May. 29, 2025
    • Modified: Jun. 01, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-5283

    Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: May. 27, 2025
    • Modified: May. 31, 2025
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2025-46836

    net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly... Read more

    Affected Products : net-tools
    • Published: May. 14, 2025
    • Modified: May. 31, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-23368

    A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.... Read more

    Affected Products :
    • Published: Mar. 04, 2025
    • Modified: May. 31, 2025

  • 5.9

    MEDIUM
    CVE-2024-50624

    ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig ... Read more

    Affected Products : kmail
    • Published: Oct. 28, 2024
    • Modified: May. 31, 2025

  • 9.8

    CRITICAL
    CVE-2020-36846

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-50431

    sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Dec. 09, 2023
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-57338

    An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-57337

    An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-22643

    A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.... Read more

    Affected Products : seo_panel
    • EPSS Score: %0.12
    • Published: Jan. 30, 2024
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2023-28484

    In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.... Read more

    Affected Products : debian_linux libxml2
    • EPSS Score: %0.26
    • Published: Apr. 24, 2023
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2022-43680

    In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.... Read more

    • EPSS Score: %0.26
    • Published: Oct. 24, 2022
    • Modified: May. 30, 2025
Showing 20 of 292652 Results