Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2023-51301

    A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large am...

    Affected Products : hotel_booking_system
    • Published: Feb. 19, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2023-44753

    A stored cross-site scripting (XSS) vulnerability in Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page.

    • Published: Apr. 22, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2023-44752

    An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php.

    • Published: Apr. 22, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2023-44040

    In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.

    Affected Products : veridiumad
    • Published: Apr. 03, 2024
    • Modified: Apr. 24, 2025
  • 7.5

    HIGH
    CVE-2023-36643

    Incorrect Access Control in ITB-GmbH TradePro v9.5 allows remote attackers to receive all orders from the online shop via oordershow component in customer function.

    Affected Products : tradepro
    • Published: Apr. 04, 2024
    • Modified: Apr. 24, 2025
  • 9.3

    CRITICAL
    CVE-2024-7263

    Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitig...

    Affected Products : wps_office windows
    • Published: Aug. 15, 2024
    • Modified: Apr. 24, 2025
  • 5.4

    MEDIUM
    CVE-2023-20249

    A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

    Affected Products : telepresence_management_suite
    • Published: Apr. 24, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2023-36645

    SQL injection vulnerability in ITB-GmbH TradePro v9.5 allows remote attackers to run SQL queries via oordershow component in customer function.

    Affected Products : tradepro
    • Published: Apr. 04, 2024
    • Modified: Apr. 24, 2025
  • 7.5

    HIGH
    CVE-2023-36644

    Incorrect Access Control in ITB-GmbH TradePro v9.5 allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.

    Affected Products : tradepro
    • Published: Apr. 04, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2023-26686

    File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025
  • 8.8

    HIGH
    CVE-2023-26687

    Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025
  • 5.4

    MEDIUM
    CVE-2023-26688

    Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2023-26689

    An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025
  • 8.8

    HIGH
    CVE-2023-26690

    File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025
  • 7.2

    HIGH
    CVE-2023-26691

    Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2022-46414

    An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

    • Published: Dec. 04, 2022
    • Modified: Apr. 24, 2025
  • 6.1

    MEDIUM
    CVE-2022-45990

    A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.

    Affected Products : ecommerce-website
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025
  • 7.2

    HIGH
    CVE-2022-45912

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to a...

    Affected Products : collaboration
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025
  • 8.8

    HIGH
    CVE-2022-45771

    An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.

    Affected Products : pwndoc
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025
  • 6.1

    MEDIUM
    CVE-2022-45769

    A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.

    Affected Products : clicshopping_v3
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293588 Results