Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-8208

    A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID lead... Read more

    • Published: Aug. 27, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-56375

    An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, sh... Read more

    Affected Products : fort-validator fort_validator
    • Published: Dec. 22, 2024
    • Modified: Apr. 22, 2025

  • 4.8

    MEDIUM
    CVE-2024-54775

    Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.... Read more

    Affected Products : dcat_admin
    • Published: Dec. 27, 2024
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-56314

    A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payloa... Read more

    Affected Products : redcap
    • Published: Dec. 22, 2024
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-56313

    A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, ... Read more

    Affected Products : redcap
    • Published: Dec. 22, 2024
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-56312

    A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, t... Read more

    Affected Products : redcap
    • Published: Dec. 22, 2024
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2024-56311

    REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout ... Read more

    Affected Products : redcap
    • Published: Dec. 22, 2024
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2024-56310

    REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious pay... Read more

    Affected Products : redcap
    • Published: Dec. 22, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-22957

    A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitiv... Read more

    Affected Products : zzcms
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-36694

    OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.... Read more

    Affected Products : opencart
    • Published: Dec. 18, 2024
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2024-56170

    A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be priorit... Read more

    Affected Products : fort-validator
    • Published: Dec. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-57433

    macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-57434

    macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-57435

    In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and... Read more

    Affected Products : mall-tiny
    • Published: Jan. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-29369

    Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1.... Read more

    Affected Products : matrimonial_site
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0948

    A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument incid leads to sql injection. It is possible to initiate t... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-28236

    Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-28235

    An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-28233

    Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract ses... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025

  • 9.1

    CRITICAL
    CVE-2025-28231

    Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
Showing 20 of 293584 Results