Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-50020

    An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.... Read more

    Affected Products : open5gs
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-49961

    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.... Read more

    Affected Products : bastion bastion_access_manager
    • Published: Jan. 08, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-46929

    An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.... Read more

    Affected Products : gpac
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-45724

    HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-45723

    HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.7

    HIGH
    CVE-2023-42358

    An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.6

    CRITICAL
    CVE-2023-39655

    A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, le... Read more

    Affected Products : couchauth
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34326

    The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Su... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34325

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pyg... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-34323

    When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, ... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2023-27739

    easyXDM 2.5 allows XSS via the xdm_e parameter.... Read more

    Affected Products : easyxdm
    • Published: Jan. 08, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2020-13880

    IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.... Read more

    Affected Products : b3d
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-42936

    The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.... Read more

    Affected Products : reyee_os rg-ew300n
    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-22980

    A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.... Read more

    • Published: Jan. 22, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-48915

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-48914

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.... Read more

    • Published: Jun. 13, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-35138

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : security_verify_access
    • Published: Feb. 04, 2025
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2021-20450

    IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user g... Read more

    Affected Products : cognos_controller
    • Published: May. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.4

    MEDIUM
    CVE-2025-5420

    A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload lea... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5421

    A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization
Showing 20 of 293602 Results