Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-25166

    Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.... Read more

    Affected Products : 71cms
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-41506

    An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-25400

    Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, an... Read more

    Affected Products : subrion
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-27508

    Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.... Read more

    Affected Products : atheme
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-25840

    In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.... Read more

    Affected Products : account_manager
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 5.9

    MEDIUM
    CVE-2024-25841

    In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.... Read more

    Affected Products : so_flexibilite
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-26458

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.... Read more

    • Published: Feb. 29, 2024
    • Modified: May. 23, 2025

  • 6.5

    MEDIUM
    CVE-2024-53354

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter para... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2023-51773

    BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.... Read more

    Affected Products : bacnet_protocol_stack bacnet_stack
    • Published: Feb. 29, 2024
    • Modified: May. 23, 2025

  • 8.8

    HIGH
    CVE-2024-53355

    Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatea... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-53356

    Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret pose... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-26461

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.... Read more

    • Published: Feb. 29, 2024
    • Modified: May. 23, 2025

  • 6.4

    MEDIUM
    CVE-2025-0804

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input saniti... Read more

    Affected Products : clickwhale
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-48761

    Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.... Read more

    Affected Products : celk_saude
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-51182

    HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.... Read more

    Affected Products : celk_saude
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-54851

    Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.... Read more

    Affected Products : teedy
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2022-35096

    SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.... Read more

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-35095

    SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.... Read more

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-35094

    SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.... Read more

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-35093

    SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.... Read more

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 23, 2025
Showing 20 of 292797 Results