Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-23174

    An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter... Read more

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-23171

    An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).... Read more

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-23061

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 4.8

    MEDIUM
    CVE-2023-6941

    The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : official_opt-in_forms
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2023-6620

    The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.... Read more

    Affected Products : post_smtp_mailer post_smtp
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-6554

    When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. ... Read more

    Affected Products : tcexam
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 8.1

    HIGH
    CVE-2023-5905

    The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restr... Read more

    Affected Products : export_posts_with_images
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-52339

    In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.... Read more

    Affected Products : libebml
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-52288

    An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.... Read more

    Affected Products : flaskcode
    • Published: Jan. 13, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-52029

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-52028

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51987

    D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.... Read more

    Affected Products : dir-822_firmware dir-822
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 8.1

    HIGH
    CVE-2023-51978

    In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection.... Read more

    Affected Products : art_gallery_management_system
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-51806

    File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.... Read more

    Affected Products : ujcms
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 8.1

    HIGH
    CVE-2023-51805

    SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file.... Read more

    Affected Products : tduck-platform
    • Published: Jan. 13, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2023-51748

    ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.... Read more

    Affected Products : scalefusion
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-51142

    An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.... Read more

    Affected Products : biotime
    • Published: Apr. 11, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-51064

    QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-50129

    Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2023-50128

    The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.... Read more

    Affected Products : alarm_system
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293613 Results