Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-20053

    In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: A... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6879 mt6880 +37 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.6

    MEDIUM
    CVE-2024-20054

    In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID... Read more

    Affected Products : android openwrt yocto rdk-b mt2735 mt6833 mt6835 mt6853 mt6855 mt6873 +41 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.3

    MEDIUM
    CVE-2024-20055

    In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV... Read more

    Affected Products : android yocto iot_yocto mt2713 mt8673 mt8781 mt8798 mt8168 mt8188 mt8195 +9 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-51312

    PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter.... Read more

    Affected Products : restaurant_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-51313

    PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in Syste... Read more

    Affected Products : restaurant_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2023-4725

    The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : simple_posts_ticker
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-3268

    A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack... Read more

    Affected Products : tinywebserver
    • Published: Apr. 04, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3380

    A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched ... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 07, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-46494

    A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.... Read more

    Affected Products : typecho
    • Published: Apr. 07, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-29392

    Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.... Read more

    Affected Products : silverpeas
    • Published: May. 22, 2024
    • Modified: Apr. 23, 2025

  • 9.1

    CRITICAL
    CVE-2023-40492

    LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit th... Read more

    Affected Products : simple_editor
    • Published: May. 03, 2024
    • Modified: Apr. 23, 2025

  • 6.4

    MEDIUM
    CVE-2024-2345

    The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output esc... Read more

    Affected Products : filebird
    • Published: May. 02, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-33102

    A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.... Read more

    Affected Products : thinksaas
    • Published: Apr. 30, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-33101

    A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.... Read more

    Affected Products : thinksaas
    • Published: Apr. 30, 2024
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-33338

    Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.... Read more

    Affected Products : jizhicms
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-51254

    Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.... Read more

    Affected Products : jfinalcms
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-46410

    PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature... Read more

    Affected Products : publiccms
    • Published: Oct. 08, 2024
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2024-8488

    The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more

    Affected Products : survey_maker
    • Published: Oct. 08, 2024
    • Modified: Apr. 23, 2025

  • 4.9

    MEDIUM
    CVE-2024-45894

    BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.... Read more

    Affected Products : bluecms bluecms
    • Published: Oct. 07, 2024
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2024-46078

    itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.... Read more

    • Published: Oct. 04, 2024
    • Modified: Apr. 23, 2025
Showing 20 of 293620 Results