Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-52333

    An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : dcmtk
    • Published: Jan. 13, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-51379

    Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of ma... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51380

    Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin u... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51381

    Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and ... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51382

    Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compro... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 6.1

    MEDIUM
    CVE-2023-1932

    A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid h... Read more

    • Published: Nov. 07, 2024
    • Modified: Jun. 24, 2025

  • 9.1

    CRITICAL
    CVE-2024-51504

    When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address dete... Read more

    Affected Products : zookeeper
    • Published: Nov. 07, 2024
    • Modified: Jun. 24, 2025

  • 8.2

    HIGH
    CVE-2024-13484

    A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-28715

    Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.... Read more

    Affected Products : doracms
    • Published: Mar. 19, 2024
    • Modified: Jun. 24, 2025

  • 6.6

    MEDIUM
    CVE-2024-41712

    A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to ... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-41714

    A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insuf... Read more

    • Published: Oct. 21, 2024
    • Modified: Jun. 24, 2025

  • 6.5

    MEDIUM
    CVE-2024-47224

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A succe... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jun. 24, 2025

  • 8.2

    HIGH
    CVE-2024-31029

    An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets.... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-40494

    Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-46478

    HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.... Read more

    Affected Products : htmldoc
    • Published: Oct. 24, 2024
    • Modified: Jun. 24, 2025

  • 6.5

    MEDIUM
    CVE-2024-40113

    Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.... Read more

    Affected Products : wlx-2006_firmware wlx-2006
    • Published: Jun. 02, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-40114

    A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.... Read more

    Affected Products : wlx-2006_firmware wlx-2006
    • Published: Jun. 02, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-26136

    A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.... Read more

    Affected Products : mysiteforme
    • Published: Mar. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26319

    FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.... Read more

    Affected Products : flowise
    • Published: Mar. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-27622

    Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293646 Results