Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2024-53384

    A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components... Read more

    Affected Products : tsup
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53387

    A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : umeditor
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53388

    A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : mavo
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-35287

    A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource wi... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35286

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensi... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35285

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 6.3

    MEDIUM
    CVE-2024-53619

    An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35314

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sani... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 5.6

    MEDIUM
    CVE-2024-35315

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. ... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 8.2

    HIGH
    CVE-2024-47912

    A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A suc... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.4

    CRITICAL
    CVE-2024-47223

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successf... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 7.7

    HIGH
    CVE-2024-47189

    The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful expl... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-54169

    IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2024-54170

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-54171

    IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: XML External Entity

  • 6.1

    MEDIUM
    CVE-2024-54957

    Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their... Read more

    Affected Products : nagios_xi
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-54960

    A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55160

    GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.... Read more

    Affected Products : gfast
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2021-4457

    The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.... Read more

    Affected Products : zoomsounds
    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-25905

    Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.... Read more

    Affected Products : cadclick
    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293619 Results