Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-32370

    An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.... Read more

    Affected Products : mailinspector
    • Published: May. 07, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-32371

    An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.... Read more

    Affected Products : mailinspector
    • Published: May. 07, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2025-4293

    A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may ... Read more

    Affected Products : mrcms
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-4323

    A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack ... Read more

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-24510

    Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.... Read more

    Affected Products : sogo
    • Published: Sep. 09, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-40597

    An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)... Read more

    Affected Products : mediawiki
    • Published: Jul. 07, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2025-4324

    A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to ... Read more

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-44043

    Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can sp... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-27445

    A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of use... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-34447

    An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is c... Read more

    Affected Products : bouncy_castle_for_java
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2024-25309

    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.... Read more

    Affected Products : simple_school_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-25201

    Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.... Read more

    Affected Products : espruino
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-23060

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-23049

    An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.... Read more

    Affected Products : symphony
    • Published: Feb. 05, 2024
    • Modified: Jun. 17, 2025

  • 8.0

    HIGH
    CVE-2024-21821

    Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 6.8

    MEDIUM
    CVE-2023-5879

    Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially... Read more

    Affected Products : aladdin_connect
    • Published: Jan. 03, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-51890

    An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.... Read more

    Affected Products : mathtex
    • Published: Jan. 24, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-50349

    Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. ... Read more

    Affected Products : sametime
    • Published: Feb. 09, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-47459

    An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component.... Read more

    Affected Products : discovery
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2022-48577

    An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293622 Results