Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-6000

    The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.... Read more

    Affected Products : popup_builder
    • Published: Jan. 01, 2024
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-5424

    A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media Page. The manipulation leads to improper access controls. The attack may be init... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2023-49557

    An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.... Read more

    Affected Products : yasm
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-49554

    Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.... Read more

    Affected Products : yasm
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34319

    The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the e... Read more

    Affected Products : linux_kernel debian_linux xen
    • Published: Sep. 22, 2023
    • Modified: Jun. 18, 2025

  • 6.7

    MEDIUM
    CVE-2023-32891

    In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS079330... Read more

    Affected Products : android lr13 nr15 nr16 nr17 mt2735 mt6779 mt6781 mt6783 mt6785 +36 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-32889

    In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY0116182... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +48 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 6.7

    MEDIUM
    CVE-2023-32882

    In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: A... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 4.4

    MEDIUM
    CVE-2023-32881

    In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 6.7

    MEDIUM
    CVE-2023-32879

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID:... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-32831

    In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ... Read more

    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2021-38243

    xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.... Read more

    Affected Products : xunruicms
    • Published: Sep. 27, 2023
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-5425

    A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor Page. The manipulation leads to improper access controls. It... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5426

    A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5427

    A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks of the component Permalinks Page. The manipulation leads to improper access controls... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5429

    A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2023-0386

    A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid ... Read more

    • Actively Exploited
    • Published: Mar. 22, 2023
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-23692

    Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially craft... Read more

    Affected Products : http_file_server
    • Actively Exploited
    • Published: May. 31, 2024
    • Modified: Jun. 18, 2025

  • 8.1

    HIGH
    CVE-2024-33599

    nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was ... Read more

    • Published: May. 06, 2024
    • Modified: Jun. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-33600

    nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.... Read more

    • Published: May. 06, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293616 Results