Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2023-33860

    IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie w...

    Affected Products : cpe security_qradar_edr
    • Published: Jul. 10, 2024
    • Modified: May. 19, 2025
  • 6.8

    MEDIUM
    CVE-2024-3851

    A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript p...

    Affected Products : privategpt privategpt
    • Published: May. 16, 2024
    • Modified: May. 19, 2025
  • 5.3

    MEDIUM
    CVE-2025-4838

    A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of ...

    Affected Products :
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Misconfiguration
  • 7.2

    HIGH
    CVE-2025-47948

    Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, the command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special plat...

    Affected Products :
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Denial of Service
  • 9.4

    CRITICAL
    CVE-2025-47788

    Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server ...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-23166

    The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, ...

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Denial of Service
  • 4.4

    MEDIUM
    CVE-2025-23164

    A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled....

    Affected Products : unifi_protect
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-0403

    Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF....

    Affected Products : recipes
    • Published: Mar. 01, 2024
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2023-49272

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodif...

    Affected Products : hotel_management
    • EPSS Score: 0.07%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2023-49271

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed u...

    Affected Products : hotel_management
    • EPSS Score: 0.20%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2023-49270

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed un...

    Affected Products : hotel_management
    • EPSS Score: 0.20%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 5.4

    MEDIUM
    CVE-2023-49269

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodifie...

    • EPSS Score: 0.08%
    • Published: Dec. 20, 2023
    • Modified: May. 19, 2025
  • 8.8

    HIGH
    CVE-2025-32819

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings....

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-32820

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable....

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 7.2

    HIGH
    CVE-2025-32821

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance....

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-45798

    A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter....

    Affected Products : a950rg_firmware a950rg
    • Published: May. 08, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 7.6

    HIGH
    CVE-2024-4758

    The Muslim Prayer Time BD WordPress plugin through 2.4 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack...

    Affected Products : muslim_prayer_time_bd
    • Published: Jun. 26, 2024
    • Modified: May. 19, 2025
  • 7.1

    HIGH
    CVE-2024-5287

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in user change them via a CSRF attack...

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025
  • 4.8

    MEDIUM
    CVE-2024-5286

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admin...

    Affected Products : affiliatewp wp_affiliate_platform
    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025
  • 6.8

    MEDIUM
    CVE-2024-5284

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

    • Published: Jul. 13, 2024
    • Modified: May. 19, 2025