Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-52702

    A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter.... Read more

    Affected Products : mybb
    • Published: Nov. 20, 2024
    • Modified: Jul. 07, 2025

  • 7.5

    HIGH
    CVE-2024-52726

    CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information... Read more

    Affected Products : crmeb
    • Published: Nov. 22, 2024
    • Modified: Jul. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-5285

    The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack... Read more

    Affected Products : wp_affiliate_platform
    • Published: Jul. 29, 2024
    • Modified: Jul. 07, 2025

  • 7.5

    HIGH
    CVE-2024-52871

    In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.... Read more

    Affected Products : flagsmith
    • Published: Nov. 17, 2024
    • Modified: Jul. 07, 2025

  • 7.5

    HIGH
    CVE-2024-52872

    In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.... Read more

    Affected Products : flagsmith
    • Published: Nov. 17, 2024
    • Modified: Jul. 07, 2025

  • 5.1

    MEDIUM
    CVE-2024-53384

    A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components... Read more

    Affected Products : tsup
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53387

    A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : umeditor
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53388

    A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : mavo
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-35287

    A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource wi... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35286

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensi... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35285

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 6.3

    MEDIUM
    CVE-2024-53619

    An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35314

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sani... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 5.6

    MEDIUM
    CVE-2024-35315

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. ... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 8.2

    HIGH
    CVE-2024-47912

    A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A suc... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.4

    CRITICAL
    CVE-2024-47223

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successf... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 7.7

    HIGH
    CVE-2024-47189

    The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful expl... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-54169

    IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2024-54170

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-54171

    IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: XML External Entity
Showing 20 of 293940 Results