Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2024-40455 (CVSS 2.7, LOW)
    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request....
    Affected Products: thinksaas
    Published: Jul. 16, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-40456 (CVSS 9.8, CRITICAL)
    ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php....
    Affected Products: thinksaas
    Published: Jul. 16, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-38996 (CVSS 9.8, CRITICAL)
    ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrar...
    Affected Products: ag-grid
    Published: Jul. 01, 2024 | Modified: Apr. 28, 2025

  • CVE-2025-39735 (CVSS 7.1, HIGH)
    In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_...
    Affected Products: linux_kernel
    Published: Apr. 18, 2025 | Modified: Apr. 28, 2025
    Vuln Type: Memory Corruption

  • CVE-2024-38909 (CVSS 9.8, CRITICAL)
    Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc....
    Affected Products: elfinder
    Published: Jul. 30, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-40482 (CVSS 9.8, CRITICAL)
    An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file....
    Affected Products: live_membership_system
    Published: Aug. 12, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-40486 (CVSS 9.8, CRITICAL)
    A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters....
    Affected Products: live_membership_system
    Published: Aug. 12, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-40487 (CVSS 7.6, HIGH)
    A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter....
    Affected Products: live_membership_system
    Published: Aug. 12, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-40488 (CVSS 8.8, HIGH)
    A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member...
    Affected Products: live_membership_system
    Published: Aug. 12, 2024 | Modified: Apr. 28, 2025

  • CVE-2025-43921 (CVSS 5.3, MEDIUM)
    GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used....
    Affected Products: mailman
    Published: Apr. 20, 2025 | Modified: Apr. 28, 2025
    Vuln Type: Authentication

  • CVE-2025-43920 (CVSS 8.1, HIGH)
    GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that ...
    Affected Products: mailman
    Published: Apr. 20, 2025 | Modified: Apr. 28, 2025
    Vuln Type: Injection

  • CVE-2025-43919 (CVSS 7.5, HIGH)
    GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multip...
    Affected Products: mailman
    Published: Apr. 20, 2025 | Modified: Apr. 28, 2025
    Vuln Type: Path Traversal

  • CVE-2024-8372 (CVSS 4.8, MEDIUM)
    Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issu...
    Published: Sep. 09, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-42994 (CVSS 7.2, HIGH)
    VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module....
    Affected Products: vtiger_crm
    Published: Aug. 16, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-42995 (CVSS 8.3, HIGH)
    VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules....
    Affected Products: vtiger_crm
    Published: Aug. 16, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-25837 (CVSS 5.4, MEDIUM)
    A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section....
    Affected Products: october
    Published: Aug. 16, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-35538 (CVSS 5.3, MEDIUM)
    Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests....
    Affected Products: typecho
    Published: Aug. 19, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-25170 (CVSS 9.1, CRITICAL)
    An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header....
    Affected Products: mezzanine mezzanine
    Published: Feb. 28, 2024 | Modified: Apr. 28, 2025

  • CVE-2024-26342 (CVSS 7.5, HIGH)
    A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet....
    Affected Products: 4g-ac68u_firmware 4g-ac68u
    Published: Feb. 28, 2024 | Modified: Apr. 28, 2025

  • CVE-2023-51533 (CVSS 6.1, MEDIUM)
    Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4. ...
    Affected Products: ecwid_ecommerce_shopping_cart
    Published: Feb. 28, 2024 | Modified: Apr. 28, 2025
Showing 20 of 291739 Results