Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2023-37009

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash th... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2023-37010

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2023-37011

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MM... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-37012

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the M... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2023-37022

    Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of ... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2023-37023

    Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.... Read more

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 7.6

    HIGH
    CVE-2025-29189

    Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.... Read more

    Affected Products : flowise
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-29390

    jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php.... Read more

    Affected Products : erp erp
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-29391

    horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php.... Read more

    Affected Products : library-manager
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2024-40068

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-40069

    Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2024-40070

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-40071

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP f... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-40072

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40073

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-40074

    Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-28276

    Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.... Read more

    Affected Products : school_task_manager
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 9.4

    CRITICAL
    CVE-2024-34226

    SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.... Read more

    Affected Products : visitor_management_system
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 4.6

    MEDIUM
    CVE-2025-22903

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-22900

    Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293669 Results