Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-28980

    Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 8.2

    HIGH
    CVE-2022-26873

    A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (... Read more

    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2024-38749

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2.... Read more

    Affected Products : olive_one_click_demo_import
    • Published: Aug. 13, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-6460

    The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in tho... Read more

    Affected Products : grow
    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-42639

    H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.... Read more

    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-6459

    The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execu... Read more

    Affected Products : news_element
    • Published: Aug. 17, 2024
    • Modified: May. 27, 2025

  • 8.1

    HIGH
    CVE-2024-43239

    Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This issue affects Masteriyo - LMS: from n/a through 1.11.4.... Read more

    Affected Products : masteriyo
    • Published: Aug. 18, 2024
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2025-32952

    Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-32950

    Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is ... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-32216

    Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough... Read more

    Affected Products : firefox
    • Published: Jun. 19, 2023
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2023-32215

    Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed ... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 02, 2023
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2023-32212

    An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 02, 2023
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-40444

    ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.... Read more

    Affected Products : zzcms
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-40443

    An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.... Read more

    Affected Products : zzcms
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-35032

    OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.... Read more

    Affected Products : otfcc
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-57471

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57479

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary com... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57482

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute a... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57473

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary co... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57480

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary comma... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292913 Results