Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2024-13949

    Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2024-13957

    SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.4

    HIGH
    CVE-2024-13945

    Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2024-13953

    Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-5106

    A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/fax_view.php of the component Filename Handler. The manipulation of the argument fax_file leads to os command injection.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-13946

    DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2024-13947

    Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2024-13948

    Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2024-13950

    Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2024-13951

    One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2024-13954

    Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2024-13955

    2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-13958

    Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-6914

    An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading ... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 4.6

    MEDIUM
    CVE-2024-7103

    A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login f... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-48371

    OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObje... Read more

    Affected Products : openfga
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-4338

    Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also ga... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: XML External Entity

  • 6.4

    MEDIUM
    CVE-2025-48695

    An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Targe... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-4379

    DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affe... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-3893

    While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Input provided by the the user is not sanitized, leading to SQL Injection vulnerability.  Version 5.20 of MegaBIP fixes this iss... Read more

    Affected Products : megabip
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
Showing 20 of 292767 Results