Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-6522

    Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2023-29113

    The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control ... Read more

    Affected Products :
    • Published: Jun. 28, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-22059

    A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.... Read more

    Affected Products : neurons_for_itsm
    • Published: May. 31, 2024
    • Modified: Jun. 30, 2025

  • 8.7

    HIGH
    CVE-2024-22060

    An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.... Read more

    Affected Products : neurons_for_itsm
    • Published: May. 31, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-4750

    The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request... Read more

    Affected Products : buddyboss buddyboss_platform
    • Published: Jun. 04, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2023-34001

    Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.... Read more

    Affected Products : hide_my_wp_ghost
    • Published: Jun. 04, 2024
    • Modified: Jun. 30, 2025

  • 7.8

    HIGH
    CVE-2024-27264

    IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.... Read more

    Affected Products : i i
    • Published: May. 22, 2024
    • Modified: Jun. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-31634

    Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.... Read more

    Affected Products : xunruicms
    • Published: Apr. 16, 2024
    • Modified: Jun. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-4456

    In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: May. 08, 2024
    • Modified: Jun. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-2697

    The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip... Read more

    Affected Products : swift_framework
    • Published: May. 17, 2024
    • Modified: Jun. 30, 2025

  • 9.9

    CRITICAL
    CVE-2024-29212

    Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC... Read more

    Affected Products : veeam_service_provider_console
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025

  • 7.2

    HIGH
    CVE-2024-34338

    Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authenticati... Read more

    Affected Products : o3 o3_firmware
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025

  • 4.8

    MEDIUM
    CVE-2024-3634

    The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : month_name_translation_benaceur
    • Published: May. 15, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-46012

    Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.... Read more

    • Published: May. 07, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-47100

    In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.... Read more

    Affected Products : perl
    • Published: Dec. 02, 2023
    • Modified: Jun. 30, 2025

  • 6.5

    MEDIUM
    CVE-2023-46218

    This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and d... Read more

    Affected Products : fedora curl
    • Published: Dec. 07, 2023
    • Modified: Jun. 30, 2025

  • 7.5

    HIGH
    CVE-2023-32154

    Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this ... Read more

    Affected Products : routeros
    • Published: May. 03, 2024
    • Modified: Jun. 30, 2025

  • 6.1

    MEDIUM
    CVE-2019-3578

    MyBB 1.8.19 has XSS in the resetpassword function.... Read more

    Affected Products : mybb
    • Published: Jun. 06, 2019
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2019-3579

    MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.... Read more

    Affected Products : mybb
    • Published: Jun. 06, 2019
    • Modified: Jun. 30, 2025

  • 6.1

    MEDIUM
    CVE-2025-45879

    A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.... Read more

    Affected Products : amygdala
    • Published: Jun. 17, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294072 Results