Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-27330

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Apr. 01, 2024
    • Modified: Jul. 07, 2025

  • 3.3

    LOW
    CVE-2024-27331

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Apr. 01, 2024
    • Modified: Jul. 07, 2025

  • 3.3

    LOW
    CVE-2024-27332

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Apr. 01, 2024
    • Modified: Jul. 07, 2025

  • 7.3

    HIGH
    CVE-2024-39003

    amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : common
    • Published: Jul. 01, 2024
    • Modified: Jul. 07, 2025

  • 6.3

    MEDIUM
    CVE-2024-39002

    rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : jsonic
    • Published: Jul. 01, 2024
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-39000

    adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : swiper
    • Published: Jul. 01, 2024
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-38997

    adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : swiper
    • Published: Jul. 01, 2024
    • Modified: Jul. 07, 2025

  • 5.0

    MEDIUM
    CVE-2012-5972

    Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.... Read more

    Affected Products : specview
    • Published: Jan. 17, 2013
    • Modified: Jul. 07, 2025

  • 7.3

    HIGH
    CVE-2024-38994

    amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : common
    • Published: Jul. 01, 2024
    • Modified: Jul. 07, 2025

  • 8.7

    HIGH
    CVE-2025-40732

    user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php... Read more

    Affected Products : daily_expense_manager
    • Published: Jun. 30, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-40731

    SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php.... Read more

    Affected Products : daily_expense_manager
    • Published: Jun. 30, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-21191

    Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Race Condition

  • 9.0

    HIGH
    CVE-2025-6487

    A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The at... Read more

    • Published: Jun. 22, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-47253

    Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.... Read more

    Affected Products : qalitor qualitor
    • Published: Nov. 06, 2023
    • Modified: Jul. 07, 2025

  • 9.0

    HIGH
    CVE-2025-6486

    A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to st... Read more

    • Published: Jun. 22, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6123

    A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be ... Read more

    • Published: Jun. 16, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6161

    A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possib... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2023-28267

    Remote Desktop Protocol Client Information Disclosure Vulnerability... Read more

    • Published: Apr. 11, 2023
    • Modified: Jul. 07, 2025

  • 8.8

    HIGH
    CVE-2023-29362

    Remote Desktop Client Remote Code Execution Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2023-29352

    Windows Remote Desktop Security Feature Bypass Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Jul. 07, 2025
Showing 20 of 293634 Results