Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-48232

    An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request fo... Read more

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-48233

    mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter.... Read more

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025

  • 6.8

    MEDIUM
    CVE-2025-24987

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-48270

    An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack.... Read more

    Affected Products : oasys
    • Published: Nov. 01, 2024
    • Modified: Jul. 07, 2025

  • 4.4

    MEDIUM
    CVE-2024-4839

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals se... Read more

    • Published: Jun. 24, 2024
    • Modified: Jul. 07, 2025

  • 8.4

    HIGH
    CVE-2025-24084

    Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-24076

    Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2024-4841

    A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerabil... Read more

    • Published: Jun. 23, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2021-3186

    A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.... Read more

    Affected Products : ac1200_firmware ac5_firmware ac1200 ac5
    • Published: Jan. 26, 2021
    • Modified: Jul. 07, 2025

  • 7.8

    HIGH
    CVE-2020-28095

    On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.... Read more

    • Published: Dec. 30, 2020
    • Modified: Jul. 07, 2025

  • 6.7

    MEDIUM
    CVE-2025-21199

    Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-6378

    The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_pdf_menus shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : responsive_food_and_drink_menu
    • Published: Jun. 26, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2019-16869

    Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.... Read more

    • Published: Sep. 26, 2019
    • Modified: Jul. 07, 2025

  • 8.1

    HIGH
    CVE-2024-48597

    Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit.... Read more

    Affected Products : online_clinic_management_system
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 7.3

    HIGH
    CVE-2024-50986

    An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.... Read more

    Affected Products : clementine
    • Published: Nov. 15, 2024
    • Modified: Jul. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-51091

    Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package... Read more

    Affected Products : seajs
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-5125

    parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript ... Read more

    Affected Products : lollms_web_ui lollms-webui
    • Published: Nov. 14, 2024
    • Modified: Jul. 07, 2025

  • 8.4

    HIGH
    CVE-2024-51459

    IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.... Read more

    • Published: Mar. 19, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-46450

    Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.... Read more

    Affected Products : ac6_firmware ac1200_firmware ac6 ac1200
    • Published: Jan. 16, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-40503

    An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.... Read more

    Affected Products : ax12_firmware ax12
    • Published: Jul. 16, 2024
    • Modified: Jul. 07, 2025
Showing 20 of 293630 Results