Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-46672

    NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking....

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography
  • 6.3

    MEDIUM
    CVE-2025-3954

    A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launc...

    Affected Products : churchcrm
    • Published: Apr. 26, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.5

    HIGH
    CVE-2025-29915

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. Howeve...

    Affected Products : suricata
    • Published: Apr. 10, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration
  • 6.2

    MEDIUM
    CVE-2023-45913

    Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends a DRI2_BufferSwapComplete event unexpectedly when the application is using D...

    Affected Products : mesa
    • Published: Mar. 27, 2024
    • Modified: May. 29, 2025
  • 7.5

    HIGH
    CVE-2023-45931

    Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated....

    Affected Products : mesa
    • Published: Mar. 27, 2024
    • Modified: May. 29, 2025
  • 5.3

    MEDIUM
    CVE-2023-45919

    Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server....

    Affected Products : mesa
    • Published: Mar. 27, 2024
    • Modified: May. 29, 2025
  • 6.1

    MEDIUM
    CVE-2024-24945

    A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal...

    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2024-24331

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function....

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2024-24327

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function....

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 5.4

    MEDIUM
    CVE-2024-24061

    springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add....

    Affected Products : springboot-manager
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 6.1

    MEDIUM
    CVE-2024-24041

    A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-jou...

    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2024-23940

    Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a lib...

    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025
  • 7.5

    HIGH
    CVE-2024-23775

    Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension()....

    Affected Products : mbed_tls
    • Published: Jan. 31, 2024
    • Modified: May. 29, 2025
  • 6.1

    MEDIUM
    CVE-2024-23034

    Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL....

    Affected Products : eyoucms
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 6.1

    MEDIUM
    CVE-2024-23033

    Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL....

    Affected Products : eyoucms
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2024-22938

    Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component....

    Affected Products : bosscms
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2024-22859

    Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes ...

    Affected Products : livewire
    • Published: Feb. 01, 2024
    • Modified: May. 29, 2025
  • 5.3

    MEDIUM
    CVE-2024-22647

    A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with vali...

    Affected Products : seo_panel
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 7.2

    HIGH
    CVE-2024-1069

    The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administ...

    • Published: Jan. 31, 2024
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2024-1060

    Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
Showing 20 of 292811 Results