Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-45879

    A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.... Read more

    Affected Products : amygdala
    • Published: Jun. 17, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-45529

    An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.... Read more

    Affected Products : siteserver_cms
    • Published: May. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-36383

    An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML A... Read more

    Affected Products : saml_authentication
    • Published: May. 27, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-33775

    An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.... Read more

    Affected Products : nagios_xi
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-36048

    QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.... Read more

    Affected Products : fedora qt
    • Published: May. 18, 2024
    • Modified: Jun. 30, 2025

  • 8.0

    HIGH
    CVE-2024-48286

    Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.... Read more

    Affected Products : e3000_firmware e3000
    • Published: Nov. 21, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-40750

    Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.... Read more

    • Published: Jul. 09, 2024
    • Modified: Jun. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20308

    A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because craf... Read more

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jun. 30, 2025

  • 5.0

    MEDIUM
    CVE-2024-23336

    MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addres... Read more

    Affected Products : mybb
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025

  • 4.7

    MEDIUM
    CVE-2024-23335

    MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves thi... Read more

    Affected Products : mybb
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025

  • 6.4

    MEDIUM
    CVE-2024-29008

    A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM... Read more

    Affected Products : cloudstack
    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025

  • 7.5

    HIGH
    CVE-2024-28871

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.... Read more

    Affected Products : libhtp
    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-47226

    A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top ... Read more

    Affected Products : netbox netbox
    • Published: Sep. 22, 2024
    • Modified: Jun. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-54772

    An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempt... Read more

    Affected Products : routeros
    • Published: Feb. 11, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-54952

    MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Se... Read more

    Affected Products : routeros
    • Published: May. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-56915

    Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.... Read more

    Affected Products : netbox netbox
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-56917

    Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.... Read more

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-56916

    In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript t... Read more

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-56918

    In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.... Read more

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-28056

    Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" re... Read more

    Affected Products : amplify_cli
    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
Showing 20 of 293951 Results