Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52289

    authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025

  • 6.3

    MEDIUM
    CVE-2024-52307

    authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRET_KEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prom... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2025-33100

    IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.... Read more

    Affected Products : concert
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-24599

    In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to ... Read more

    • EPSS Score: %0.18
    • Published: Feb. 24, 2022
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9052

    A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The expl... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9053

    A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. ... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 7.6

    HIGH
    CVE-2025-29461

    An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.... Read more

    Affected Products : a-blog_cms a-blogcms a-blogcms
    • Published: Apr. 17, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-54466

    Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can explo... Read more

    Affected Products : ofbiz
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 4.9

    MEDIUM
    CVE-2025-31988

    HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.... Read more

    Affected Products : digital_experience
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025

  • 7.6

    HIGH
    CVE-2025-8092

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16.... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 10.0

    CRITICAL
    CVE-2024-36290

    A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trig... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 9.1

    CRITICAL
    CVE-2024-36272

    A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger ... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 8.8

    HIGH
    CVE-2024-47093

    Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS... Read more

    Affected Products : nagvis
    • Published: Dec. 19, 2024
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-25569

    An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this v... Read more

    • Published: Apr. 25, 2024
    • Modified: Aug. 21, 2025

  • 9.1

    CRITICAL
    CVE-2024-21797

    A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 10.0

    CRITICAL
    CVE-2024-34166

    An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request ... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 9.1

    CRITICAL
    CVE-2024-34544

    A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigg... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 10.0

    CRITICAL
    CVE-2024-36258

    A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 9.1

    CRITICAL
    CVE-2024-38666

    An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025

  • 9.0

    CRITICAL
    CVE-2024-39273

    A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulner... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
Showing 20 of 290943 Results