Latest CVE Feed

Below is the list of the latest published vulnerabilities. You can filter it by severity, by whether the vulnerability is actively exploited (listed in the CISA Known Exploited Vulnerabilities, or KEV, catalog), or by whether it is remotely exploitable, and sort it by published date, last-updated date, or CVSS score.
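Added example (not code from this site): the Python below implements those same controls over the 20 entries listed on this page. The CVE IDs, scores and dates are transcribed from the listing; the severity bands are NVD's CVSS v3 qualitative ratings; "remotely exploitable" is assumed to mean a CVSS Attack Vector of Network (AV:N), which needs the vector string the listing does not show, so the vector field and the KEV set are left for the caller to supply and are exercised with constructed values.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import FrozenSet, Iterable, List, Optional

# NVD's CVSS v3.x qualitative severity bands, lowest to highest.
SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def severity(score: float) -> str:
    """Map a CVSS v3.x base score (0.0-10.0) to its NVD rating band."""
    if score <= 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"

def parse_feed_date(text: str) -> date:
    """Parse the listing's date format, e.g. 'Jun. 17, 2025'."""
    return datetime.strptime(text, "%b. %d, %Y").date()

@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    score: float
    published: date
    modified: date
    vector: Optional[str] = None  # CVSS v3.x vector string, if the caller has it

# The Attack Vector metric inside a CVSS v3.x vector, e.g. "CVSS:3.1/AV:N/...".
_AV_METRIC = re.compile(r"(?:^|/)AV:([NALP])(?=/|$)")

def is_remote(vector: Optional[str]) -> bool:
    """Treat 'remotely exploitable' (an assumption) as Attack Vector = Network.
    A missing or malformed vector counts as NOT remote, so a record with
    unknown metrics never passes a remote-only filter by accident."""
    if not vector:
        return False
    m = _AV_METRIC.search(vector)
    return m is not None and m.group(1) == "N"

def triage(feed: Iterable[CveRecord], min_severity: str = "HIGH",
           kev: FrozenSet[str] = frozenset(), kev_only: bool = False,
           remote_only: bool = False, sort_by: str = "score") -> List[CveRecord]:
    """Apply the page's filters (severity floor, KEV membership, remote) and
    sort descending by 'score', 'published' or 'modified'. Python's sort is
    stable, so ties keep the feed's own order."""
    floor = SEVERITY_RANK[min_severity]
    kept = [r for r in feed
            if SEVERITY_RANK[severity(r.score)] >= floor
            and (not kev_only or r.cve_id in kev)
            and (not remote_only or is_remote(r.vector))]
    key = {"score": lambda r: r.score,
           "published": lambda r: r.published,
           "modified": lambda r: r.modified}[sort_by]
    return sorted(kept, key=key, reverse=True)

# The 20 entries shown on this page: (CVE ID, CVSS score, published, modified).
# The listing does not display vector strings, so 'vector' stays None here.
_PAGE_ENTRIES = [
    ("CVE-2024-35431", 7.5, "May. 30, 2024", "Jun. 17, 2025"),
    ("CVE-2024-35433", 8.1, "May. 30, 2024", "Jun. 17, 2025"),
    ("CVE-2024-28000", 9.8, "Aug. 21, 2024", "Jun. 17, 2025"),
    ("CVE-2024-11917", 8.1, "Apr. 25, 2025", "Jun. 17, 2025"),
    ("CVE-2023-45256", 5.4, "Jun. 12, 2025", "Jun. 17, 2025"),
    ("CVE-2023-26159", 7.3, "Jan. 02, 2024", "Jun. 17, 2025"),
    ("CVE-2025-28381", 7.5, "Jun. 13, 2025", "Jun. 17, 2025"),
    ("CVE-2024-36526", 9.8, "Jul. 09, 2024", "Jun. 17, 2025"),
    ("CVE-2025-28380", 6.1, "Jun. 13, 2025", "Jun. 17, 2025"),
    ("CVE-2024-5475", 5.4, "Jun. 20, 2024", "Jun. 17, 2025"),
    ("CVE-2024-4749", 8.3, "Jun. 04, 2024", "Jun. 17, 2025"),
    ("CVE-2025-5648", 2.5, "Jun. 05, 2025", "Jun. 17, 2025"),
    ("CVE-2024-1076", 6.5, "May. 08, 2024", "Jun. 17, 2025"),
    ("CVE-2024-28294", 6.5, "Apr. 29, 2024", "Jun. 17, 2025"),
    ("CVE-2024-0868", 5.3, "Apr. 17, 2024", "Jun. 17, 2025"),
    ("CVE-2023-4826", 6.1, "Feb. 23, 2024", "Jun. 17, 2025"),
    ("CVE-2025-27956", 7.5, "Jun. 02, 2025", "Jun. 17, 2025"),
    ("CVE-2024-50599", 6.1, "Nov. 07, 2024", "Jun. 17, 2025"),
    ("CVE-2025-5431", 8.8, "Jun. 02, 2025", "Jun. 17, 2025"),
    ("CVE-2024-31815", 9.1, "Apr. 08, 2024", "Jun. 17, 2025"),
]
FEED = [CveRecord(cid, sc, parse_feed_date(pub), parse_feed_date(mod))
        for cid, sc, pub, mod in _PAGE_ENTRIES]

if __name__ == "__main__":
    for r in triage(FEED, "CRITICAL"):
        print(r.cve_id, r.score, severity(r.score), r.published)
    # CONSTRUCTED vector (not the real one for any entry above) to exercise is_remote.
    print(is_remote("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"))
```

Every entry's severity label on this page is consistent with the NVD bands, which is a cheap sanity check to keep in a feed consumer: a score and label that disagree usually mean a mixed CVSS v2/v3 source. Passing the real KEV catalog as `kev` and the NVD vector string as `vector` turns this into a working triage filter.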
  • CVE-2024-35431 (CVSS 7.5, HIGH)
    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1....
    Affected Products: zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jun. 17, 2025
  • CVE-2024-35433 (CVSS 8.1, HIGH)
    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user....
    Affected Products: zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jun. 17, 2025
  • CVE-2024-28000 (CVSS 9.8, CRITICAL)
    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1....
    Affected Products: litespeed_cache
    • Published: Aug. 21, 2024
    • Modified: Jun. 17, 2025
  • CVE-2024-11917 (CVSS 8.1, HIGH)
    The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_call...
    Affected Products: jobsearch_wp_job_board
    • Published: Apr. 25, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication
  • CVE-2023-45256 (CVSS 5.4, MEDIUM)
    Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, valid...
    Affected Products:
    • Published: Jun. 12, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • CVE-2023-26159 (CVSS 7.3, HIGH)
    Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An att...
    Affected Products: follow_redirects follow-redirects
    • Published: Jan. 02, 2024
    • Modified: Jun. 17, 2025
  • CVE-2025-28381 (CVSS 7.5, HIGH)
    A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers....
    Affected Products: cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Information Disclosure
  • CVE-2024-36526 (CVSS 9.8, CRITICAL)
    ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key....
    Affected Products: zkbio_cvsecurity
    • Published: Jul. 09, 2024
    • Modified: Jun. 17, 2025
  • CVE-2025-28380 (CVSS 6.1, MEDIUM)
    A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter....
    Affected Products: cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2024-5475 (CVSS 5.4, MEDIUM)
    The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to ...
    Affected Products: responsive_video_embed
    • Published: Jun. 20, 2024
    • Modified: Jun. 17, 2025
  • CVE-2024-4749 (CVSS 8.3, HIGH)
    The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting....
    Affected Products: wp_emember
    • Published: Jun. 04, 2024
    • Modified: Jun. 17, 2025
  • CVE-2025-5648 (CVSS 2.5, LOW)
    A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack...
    Affected Products: radare2
    • Published: Jun. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-1076 (CVSS 6.5, MEDIUM)
    The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to ...
    Affected Products: ssl_zen
    • Published: May. 08, 2024
    • Modified: Jun. 17, 2025
  • CVE-2024-28294 (CVSS 6.5, MEDIUM)
    Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter....
    Affected Products: limbas
    • Published: Apr. 29, 2024
    • Modified: Jun. 17, 2025
  • CVE-2024-0868 (CVSS 5.3, MEDIUM)
    The coreActivity: Activity Logging plugin for WordPress before 2.1 retrieved the IP addresses of requests from headers such as X-FORWARDED in order to log them, allowing users to spoof them by providing an arbitrary value...
    Affected Products: coreactivity
    • Published: Apr. 17, 2024
    • Modified: Jun. 17, 2025
  • CVE-2023-4826 (CVSS 6.1, MEDIUM)
    The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack....
    Affected Products: socialdriver
    • Published: Feb. 23, 2024
    • Modified: Jun. 17, 2025
  • CVE-2025-27956 (CVSS 7.5, HIGH)
    Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter....
    Affected Products: weblaudos
    • Published: Jun. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal
  • CVE-2024-50599 (CVSS 6.1, MEDIUM)
    A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject...
    Affected Products: zimbra_collaboration_suite
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025
  • CVE-2025-5431 (CVSS 8.8, HIGH)
    A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotel...
    Affected Products: assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • CVE-2024-31815 (CVSS 9.1, CRITICAL)
    In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...
    Affected Products: ex200_firmware ex200
    • Published: Apr. 08, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293605 Results
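The coreActivity entry (CVE-2024-0868) is an instance of a pattern that recurs far beyond one plugin: taking the client address from a forwarding header that any client can set. The Python below is an added illustration of that flaw class and its usual fix, written for this page; it is not the plugin's code or its patch, and the proxy range, header name and request data in it are constructed.

```python
import ipaddress
from typing import Mapping, Sequence

# Hypothetical: the address range of our own reverse proxies. Only a request
# whose TCP peer is in this range can legitimately carry a forwarding header.
TRUSTED_PROXIES = (ipaddress.ip_network("10.0.0.0/8"),)


def _is_trusted(addr, trusted) -> bool:
    return any(addr in net for net in trusted)


def client_ip_naive(remote_addr: str, headers: Mapping[str, str]) -> str:
    """The flawed pattern: prefer X-Forwarded-For no matter who sent it.

    Whatever string the sender puts in the header ends up in the activity log,
    so any user can attribute their actions to any address they like."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, headers: Mapping[str, str],
                       trusted: Sequence = TRUSTED_PROXIES) -> str:
    """Honour X-Forwarded-For only when the socket peer is a trusted proxy,
    walk the chain right-to-left past trusted hops, and fall back to the
    socket address on anything that is not a valid IP literal."""
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer, trusted):
        return remote_addr          # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):      # the rightmost hop was appended by our own proxy
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr      # garbage in the chain: never log it as an address
        if not _is_trusted(addr, trusted):
            return str(addr)        # first untrusted hop from the right is the client
    return remote_addr              # only trusted hops listed: log the proxy itself


if __name__ == "__main__":
    # CONSTRUCTED request: a direct client on 203.0.113.5 claiming to be 198.51.100.9.
    spoofed = {"X-Forwarded-For": "198.51.100.9"}
    print("naive   :", client_ip_naive("203.0.113.5", spoofed))
    print("hardened:", client_ip_hardened("203.0.113.5", spoofed))
```

In a real deployment the trusted range is the address set of your own load balancers or CDN, and the framework's header normalisation (case-insensitive names, repeated headers) runs before this function sees the value; the right-to-left walk is what stops a client from simply prepending a fake hop to the chain.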