Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-54171

    IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: XML External Entity

  • 6.1

    MEDIUM
    CVE-2024-54957

    Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their... Read more

    Affected Products : nagios_xi
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-54960

    A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55160

    GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.... Read more

    Affected Products : gfast
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2021-4457

    The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.... Read more

    Affected Products : zoomsounds
    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-25905

    Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.... Read more

    Affected Products : cadclick
    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2025-6658

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-6659

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-40090

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.1

    CRITICAL
    CVE-2024-40089

    A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-40088

    A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any ... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.6

    CRITICAL
    CVE-2024-40087

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.6

    CRITICAL
    CVE-2024-40084

    A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 7.8

    HIGH
    CVE-2025-6660

    PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to explo... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-24988

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2024-48232

    An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request fo... Read more

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-48233

    mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter.... Read more

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025

  • 6.8

    MEDIUM
    CVE-2025-24987

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-48270

    An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack.... Read more

    Affected Products : oasys
    • Published: Nov. 01, 2024
    • Modified: Jul. 07, 2025

  • 4.4

    MEDIUM
    CVE-2024-4839

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals se... Read more

    • Published: Jun. 24, 2024
    • Modified: Jul. 07, 2025
Showing 20 of 293645 Results