Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-25844

    An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file.... Read more

    Affected Products : so_flexibilite
    • Published: Mar. 03, 2024
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-57665

    JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.... Read more

    Affected Products : jfinalcms
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-55415

    DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.... Read more

    Affected Products : voyager
    • Published: Jan. 30, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0792

    A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. T... Read more

    Affected Products : cdg
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-25858

    In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.... Read more

    Affected Products : pdf_editor pdf_reader
    • Published: Mar. 05, 2024
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-24278

    An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function.... Read more

    Affected Products : windows teamwire
    • Published: Mar. 05, 2024
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2024-21805

    Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to th... Read more

    Affected Products : skysea_client_view
    • Published: Mar. 12, 2024
    • Modified: May. 23, 2025

  • 6.3

    MEDIUM
    CVE-2024-24964

    Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in ... Read more

    Affected Products : skysea_client_view
    • Published: Mar. 12, 2024
    • Modified: May. 23, 2025

  • 7.2

    HIGH
    CVE-2024-2020

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products : calculated_fields_form
    • Published: Mar. 13, 2024
    • Modified: May. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-28662

    A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.... Read more

    Affected Products : piwigo
    • Published: Mar. 13, 2024
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-0791

    A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated rem... Read more

    Affected Products : cdg
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-25934

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS.This issue affects FormFacade: from n/a through 1.0.0. ... Read more

    Affected Products : formfacade
    • Published: Mar. 15, 2024
    • Modified: May. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-24539

    FusionPBX before 5.2.0 does not validate a session.... Read more

    Affected Products : fusionpbx
    • Published: Mar. 18, 2024
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-23721

    A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.... Read more

    Affected Products : vigor3910_firmware vigor3910
    • Published: Mar. 20, 2024
    • Modified: May. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-0790

    A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The ... Read more

    Affected Products : cdg
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-0789

    A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to initiate the attack remotely. The exploit... Read more

    Affected Products : cdg
    • Published: Jan. 28, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-40775

    When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20... Read more

    Affected Products : bind
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-1219

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the re... Read more

    Affected Products : php
    • Published: Mar. 30, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-1217

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting th... Read more

    Affected Products : php
    • Published: Mar. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-50083

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending c... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: May. 23, 2025
Showing 20 of 292835 Results