Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2023-43992

    An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token....

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2023-43317

    An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component....

    Affected Products : coign
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-38319

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands....

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-38318

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands....

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2023-37571

    Softing TH SCOPE through 3.70 allows XSS....

    Affected Products : th_scope
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2023-33758

    Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component....

    Affected Products : maximiser_soft_pbx
    • Published: Jan. 25, 2024
    • Modified: Jun. 20, 2025
  • 5.9

    MEDIUM
    CVE-2023-33757

    A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack....

    Affected Products : ipcs ipcs2
    • Published: Jan. 25, 2024
    • Modified: Jun. 20, 2025
  • 7.2

    HIGH
    CVE-2023-31505

    An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1 allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file....

    Affected Products : cms
    • Published: Jan. 31, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2023-29055

    In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possi...

    Affected Products : kylin
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-4964

    Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set....

    Affected Products : ubuntu_pipewire-pulse
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2021-42146

    An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows r...

    Affected Products : tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2021-42145

    An assertion failure discovered in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service....

    Affected Products : tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2021-42144

    Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to obtain sensitive information via crafted input to dtls_ccm_decrypt_message()....

    Affected Products : contiki-ng_tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 9.1

    CRITICAL
    CVE-2021-42143

    An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHe...

    Affected Products : tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2021-43635

    A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file....

    Affected Products : codex codex
    • Published: Feb. 04, 2022
    • Modified: Jun. 20, 2025
  • 7.3

    HIGH
    CVE-2025-1068

    There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a ...

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2025-1067

    There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specif...

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-35079

    An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file....

    Affected Products : inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-35080

    An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file....

    Affected Products : inxedu inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-35570

    An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file....

    Affected Products : inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293646 Results