Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-28386

    A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.... Read more

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-40570

    SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.... Read more

    Affected Products : seacms
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-29976

    Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.... Read more

    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-29840

    Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.... Read more

    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29659

    Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.... Read more

    Affected Products : xy-3820_firmware xy-3820
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29660

    A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially... Read more

    Affected Products : xy-3820_firmware xy-3820
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-28102

    A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.... Read more

    Affected Products : flaskblog
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-57394

    The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by levera... Read more

    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-27086

    A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.... Read more

    Affected Products : performance_cluster_manager
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3841

    A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument... Read more

    Affected Products : jam
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2021-38487

    RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and i... Read more

    • Published: May. 05, 2022
    • Modified: Jun. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-4734

    A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument id/name leads to sql injection. It is possible to ... Read more

    Affected Products : sales_and_inventory_system
    • Published: May. 16, 2025
    • Modified: Jun. 21, 2025

  • 8.8

    HIGH
    CVE-2025-33053

    External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.... Read more

    • Actively Exploited
    • Published: Jun. 10, 2025
    • Modified: Jun. 21, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-25678

    In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.... Read more

    Affected Products : lsquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2024-25445

    Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.... Read more

    Affected Products : hugin
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-25312

    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."... Read more

    Affected Products : simple_school_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-25310

    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."... Read more

    Affected Products : simple_school_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-25307

    Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."... Read more

    Affected Products : cinema_seat_reservation_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-25200

    Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.... Read more

    Affected Products : espruino
    • Published: Feb. 07, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24321

    An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293620 Results