Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-5033

    A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-s... Read more

    Affected Products : teacms
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-30194

    When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is... Read more

    Affected Products : dnsdist
    • Published: Apr. 29, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2023-6129

    Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attack... Read more

    Affected Products : openssl
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51970

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51969

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51967

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51966

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51965

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51963

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51953

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51952

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-51252

    PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing.... Read more

    Affected Products : publiccms
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51126

    Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51123

    An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.... Read more

    Affected Products : dir-815_firmware dir-815
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-49237

    An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings.... Read more

    Affected Products : tv-ip1314pi_firmware tv-ip1314pi
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-49236

    A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback functio... Read more

    Affected Products : tv-ip1314pi_firmware tv-ip1314pi
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-49235

    An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command.... Read more

    Affected Products : tv-ip1314pi_firmware tv-ip1314pi
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-48864

    SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.... Read more

    Affected Products : semcms
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-47995

    Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.... Read more

    Affected Products : freeimage
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-47993

    A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.... Read more

    Affected Products : freeimage
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293656 Results