Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-38042

    A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. ... Read more

    Affected Products : windows secure_access_client
    • Published: May. 31, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2025-4778

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-47916

    Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-23337

    jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a... Read more

    Affected Products : jq
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-5030

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os comm... Read more

    Affected Products : killwxapkg
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-48060

    jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As... Read more

    Affected Products : jq
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-36052

    RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.... Read more

    Affected Products : windows winrar
    • Published: May. 21, 2024
    • Modified: Jun. 20, 2025

  • 7.1

    HIGH
    CVE-2024-33899

    RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.... Read more

    Affected Products : linux_kernel unrar winrar unix
    • Published: Apr. 29, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2025-48063

    XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as ... Read more

    Affected Products : xwiki
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-49196

    An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.... Read more

    • Published: May. 27, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-46922

    An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver.... Read more

    • Published: Feb. 12, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-46923

    An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver.... Read more

    • Published: Feb. 12, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-25899

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-25900

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-23174

    An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter... Read more

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-23171

    An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).... Read more

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-23061

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 4.8

    MEDIUM
    CVE-2023-6941

    The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : official_opt-in_forms
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2023-6620

    The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.... Read more

    Affected Products : post_smtp_mailer post_smtp
    • Published: Jan. 15, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-6554

    When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. ... Read more

    Affected Products : tcexam
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293627 Results