Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-31634

    Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.... Read more

    Affected Products : xunruicms
    • Published: Apr. 16, 2024
    • Modified: Jun. 30, 2025

  • 5.4

    MEDIUM
    CVE-2024-4456

    In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: May. 08, 2024
    • Modified: Jun. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-2697

    The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip... Read more

    Affected Products : swift_framework
    • Published: May. 17, 2024
    • Modified: Jun. 30, 2025

  • 9.9

    CRITICAL
    CVE-2024-29212

    Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC... Read more

    Affected Products : veeam_service_provider_console
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025

  • 7.2

    HIGH
    CVE-2024-34338

    Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authenticati... Read more

    Affected Products : o3 o3_firmware
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025

  • 4.8

    MEDIUM
    CVE-2024-3634

    The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : month_name_translation_benaceur
    • Published: May. 15, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-46012

    Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.... Read more

    • Published: May. 07, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-47100

    In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.... Read more

    Affected Products : perl
    • Published: Dec. 02, 2023
    • Modified: Jun. 30, 2025

  • 6.5

    MEDIUM
    CVE-2023-46218

    This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and d... Read more

    Affected Products : fedora curl
    • Published: Dec. 07, 2023
    • Modified: Jun. 30, 2025

  • 7.5

    HIGH
    CVE-2023-32154

    Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this ... Read more

    Affected Products : routeros
    • Published: May. 03, 2024
    • Modified: Jun. 30, 2025

  • 6.1

    MEDIUM
    CVE-2019-3578

    MyBB 1.8.19 has XSS in the resetpassword function.... Read more

    Affected Products : mybb
    • Published: Jun. 06, 2019
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2019-3579

    MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.... Read more

    Affected Products : mybb
    • Published: Jun. 06, 2019
    • Modified: Jun. 30, 2025

  • 6.1

    MEDIUM
    CVE-2025-45879

    A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.... Read more

    Affected Products : amygdala
    • Published: Jun. 17, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-45529

    An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.... Read more

    Affected Products : siteserver_cms
    • Published: May. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-36383

    An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML A... Read more

    Affected Products : saml_authentication
    • Published: May. 27, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-33775

    An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.... Read more

    Affected Products : nagios_xi
    • Published: May. 01, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-36048

    QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.... Read more

    Affected Products : fedora qt
    • Published: May. 18, 2024
    • Modified: Jun. 30, 2025

  • 8.0

    HIGH
    CVE-2024-48286

    Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.... Read more

    Affected Products : e3000_firmware e3000
    • Published: Nov. 21, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-40750

    Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.... Read more

    • Published: Jul. 09, 2024
    • Modified: Jun. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20308

    A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because craf... Read more

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Jun. 30, 2025
Showing 20 of 294353 Results