Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2024-29212

    Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC...

    Affected Products : veeam_service_provider_console
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025
  • 7.2

    HIGH
    CVE-2024-34338

    Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authenticati...

    Affected Products : o3 o3_firmware
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025
  • 4.8

    MEDIUM
    CVE-2024-3634

    The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili...

    Affected Products : month_name_translation_benaceur
    • Published: May. 15, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-46012

    Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP....

    • Published: May. 07, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-47100

    In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0....

    Affected Products : perl
    • Published: Dec. 02, 2023
    • Modified: Jun. 30, 2025
  • 6.5

    MEDIUM
    CVE-2023-46218

    This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and d...

    Affected Products : fedora curl
    • Published: Dec. 07, 2023
    • Modified: Jun. 30, 2025
  • 7.5

    HIGH
    CVE-2023-32154

    Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this ...

    Affected Products : routeros
    • Published: May. 03, 2024
    • Modified: Jun. 30, 2025
  • 6.1

    MEDIUM
    CVE-2019-3578

    MyBB 1.8.19 has XSS in the resetpassword function....

    Affected Products : mybb
    • Published: Jun. 06, 2019
    • Modified: Jun. 30, 2025
  • 5.3

    MEDIUM
    CVE-2019-3579

    MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter....

    Affected Products : mybb
    • Published: Jun. 06, 2019
    • Modified: Jun. 30, 2025
  • 6.1

    MEDIUM
    CVE-2025-45879

    A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload....

    Affected Products : amygdala
    • Published: Jun. 17, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-45529

    An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor....

    Affected Products : siteserver_cms
    • Published: May. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal
  • 5.3

    MEDIUM
    CVE-2024-36383

    An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML A...

    Affected Products : saml_authentication
    • Published: May. 27, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-33775

    An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet....

    Affected Products : nagios_xi
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-36048

    QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values....

    Affected Products : fedora qt
    • Published: May. 18, 2024
    • Modified: Jun. 30, 2025
  • 8.0

    HIGH
    CVE-2024-48286

    Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function....

    Affected Products : e3000_firmware e3000
    • Published: Nov. 21, 2024
    • Modified: Jun. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-40750

    Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation....

    • Published: Jul. 09, 2024
    • Modified: Jun. 30, 2025
  • 8.6

    HIGH
    CVE-2024-20308

    A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because craf...

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jun. 30, 2025
  • 5.0

    MEDIUM
    CVE-2024-23336

    MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addres...

    Affected Products : mybb
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025
  • 4.7

    MEDIUM
    CVE-2024-23335

    MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves thi...

    Affected Products : mybb
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025
  • 6.4

    MEDIUM
    CVE-2024-29008

    A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM...

    Affected Products : cloudstack
    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025
Showing 20 of 294141 Results