Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-24309

    In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.... Read more

    Affected Products : survey_tma
    • Published: Feb. 23, 2024
    • Modified: May. 08, 2025

  • 6.3

    MEDIUM
    CVE-2024-22220

    An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder an... Read more

    Affected Products : terminalfour formbank
    • Published: Feb. 21, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2020-17386

    Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.... Read more

    Affected Products : cellos
    • EPSS Score: %0.33
    • Published: Aug. 25, 2020
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2020-17385

    Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.... Read more

    Affected Products : cellos
    • EPSS Score: %0.42
    • Published: Aug. 25, 2020
    • Modified: May. 08, 2025

  • 9.0

    HIGH
    CVE-2020-17384

    Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.... Read more

    Affected Products : cellos
    • EPSS Score: %0.45
    • Published: Aug. 25, 2020
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-25744

    In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2023-49339

    Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.... Read more

    Affected Products : banner
    • EPSS Score: %0.18
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2023-45206

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malic... Read more

    Affected Products : collaboration
    • EPSS Score: %0.35
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 7.3

    HIGH
    CVE-2023-38960

    Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.... Read more

    Affected Products : raidenftpd
    • EPSS Score: %0.03
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2023-20587

    Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. ... Read more

    Affected Products :
    • EPSS Score: %0.04
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2021-46757

    Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.... Read more

    • EPSS Score: %0.10
    • Published: Feb. 13, 2024
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-25740

    A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-23763

    SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.... Read more

    Affected Products : gambio
    • EPSS Score: %0.07
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-23759

    Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.... Read more

    Affected Products : gambio
    • EPSS Score: %64.42
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2024-0566

    The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.... Read more

    Affected Products : smart_manager
    • EPSS Score: %2.41
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-0421

    The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.... Read more

    • EPSS Score: %0.52
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-0248

    The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and de... Read more

    Affected Products : eazydocs
    • EPSS Score: %0.23
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2023-6869

    A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.... Read more

    Affected Products : firefox
    • EPSS Score: %0.18
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2023-6858

    Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.... Read more

    • EPSS Score: %0.39
    • Published: Dec. 19, 2023
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2023-6289

    The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.... Read more

    Affected Products : swift_performance
    • EPSS Score: %2.82
    • Published: Dec. 18, 2023
    • Modified: May. 07, 2025
Showing 20 of 291570 Results