Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-25837

    A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section.

    Affected Products : october
    • Published: Aug. 16, 2024
    • Modified: Apr. 28, 2025
  • 5.3

    MEDIUM
    CVE-2024-35538

    Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

    Affected Products : typecho
    • Published: Aug. 19, 2024
    • Modified: Apr. 28, 2025
  • 9.1

    CRITICAL
    CVE-2024-25170

    An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

    Affected Products : mezzanine mezzanine
    • Published: Feb. 28, 2024
    • Modified: Apr. 28, 2025
  • 7.5

    HIGH
    CVE-2024-26342

    A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.

    Affected Products : 4g-ac68u_firmware 4g-ac68u
    • Published: Feb. 28, 2024
    • Modified: Apr. 28, 2025
  • 6.1

    MEDIUM
    CVE-2023-51533

    Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.

    Affected Products : ecwid_ecommerce_shopping_cart
    • Published: Feb. 28, 2024
    • Modified: Apr. 28, 2025
  • 4.7

    MEDIUM
    CVE-2023-52048

    RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/.

    Affected Products : ruoyi
    • Published: Feb. 28, 2024
    • Modified: Apr. 28, 2025
  • 7.2

    HIGH
    CVE-2024-24714

    Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader. This issue affects Icons Font Loader: from n/a through 1.1.4.

    Affected Products : icons_font_loader
    • Published: Feb. 26, 2024
    • Modified: Apr. 28, 2025
  • 9.2

    CRITICAL
    CVE-2025-0632

    Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download c...

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Path Traversal
  • 3.8

    LOW
    CVE-2024-31144

    For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to back up and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata ...

    Affected Products : xen
    • Published: Feb. 14, 2025
    • Modified: Apr. 26, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2024-31143

    An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be ...

    Affected Products : xen
    • Published: Jul. 18, 2024
    • Modified: Apr. 26, 2025
  • 6.5

    MEDIUM
    CVE-2023-28746

    Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

    Affected Products :
    • Published: Mar. 14, 2024
    • Modified: Apr. 26, 2025
  • 7.4

    HIGH
    CVE-2025-22228

    BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

    Affected Products : spring_security
    • Published: Mar. 20, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2024-9287

    A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source v...

    Affected Products : python
    • Published: Oct. 22, 2024
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2024-6096

    In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

    Affected Products : telerik_reporting
    • Published: Jul. 24, 2024
    • Modified: Apr. 25, 2025
  • 5.9

    MEDIUM
    CVE-2024-10846

    The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from vers...

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2018-5733

    A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8,...

    • EPSS Score: 29.51%
    • Published: Jan. 16, 2019
    • Modified: Apr. 25, 2025
  • 4.9

    MEDIUM
    CVE-2022-45535

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • EPSS Score: 0.09%
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 4.9

    MEDIUM
    CVE-2022-45529

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • EPSS Score: 0.09%
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2022-45331

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • EPSS Score: 0.08%
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2022-45330

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • EPSS Score: 0.08%
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 291878 Results