Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-28752

    A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including ... Read more

    • Published: Mar. 15, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-4825

    A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.... Read more

    Affected Products : cockpit
    • Published: May. 14, 2024
    • Modified: Jun. 27, 2025

  • 5.5

    MEDIUM
    CVE-2024-36307

    A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the abi... Read more

    Affected Products : apex_one
    • Published: Jun. 10, 2024
    • Modified: Jun. 27, 2025

  • 9.0

    HIGH
    CVE-2025-6128

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url lead... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-4548

    An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perfor... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-4547

    A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perf... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-27439

    An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not ... Read more

    Affected Products : wicket
    • Published: Mar. 19, 2024
    • Modified: Jun. 27, 2025

  • 3.5

    LOW
    CVE-2024-4226

    It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.... Read more

    Affected Products : octopus_server
    • Published: Apr. 30, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-2777

    SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.... Read more

    Affected Products : sysaid
    • Published: May. 07, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: XML External Entity

  • 5.9

    MEDIUM
    CVE-2024-24818

    EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerabilit... Read more

    Affected Products : espocrm
    • Published: Mar. 21, 2024
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-28130

    An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge... Read more

    Affected Products : debian_linux dcmtk
    • Published: Apr. 23, 2024
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-28640

    Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.... Read more

    • Published: Mar. 16, 2024
    • Modified: Jun. 27, 2025

  • 6.3

    MEDIUM
    CVE-2024-2241

    Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions ... Read more

    Affected Products : workspace
    • Published: Mar. 07, 2024
    • Modified: Jun. 27, 2025

  • 7.3

    HIGH
    CVE-2022-36263

    StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.... Read more

    Affected Products : windows streamlabs_desktop
    • Published: Aug. 19, 2022
    • Modified: Jun. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-1316

    The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g.... Read more

    Affected Products : eventbrite_tickets event_tickets
    • Published: Mar. 04, 2024
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-27497

    Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.... Read more

    Affected Products : e2000_firmware e2000
    • Published: Mar. 01, 2024
    • Modified: Jun. 27, 2025

  • 4.5

    MEDIUM
    CVE-2024-3165

    System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.   ... Read more

    Affected Products : dotcms
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025

  • 4.5

    MEDIUM
    CVE-2024-3164

    In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, sh... Read more

    Affected Products : dotcms
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025

  • 8.1

    HIGH
    CVE-2025-25950

    Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-25951

    An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293681 Results