Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-5010

    A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripti... Read more

    Affected Products : hexo-boot
    • Published: May. 21, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-5011

    A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack ca... Read more

    Affected Products : hexo-boot
    • Published: May. 21, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5013

    A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site script... Read more

    Affected Products : hkcms hkcms
    • Published: May. 21, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-48272

    Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2.... Read more

    Affected Products : wp_job_portal
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2024-29385

    DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.... Read more

    Affected Products : dir-845l_firmware dir-845l
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2025-4932

    A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads ... Read more

    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-4802

    Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen call... Read more

    Affected Products : glibc
    • Published: May. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-40120

    seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.... Read more

    Affected Products : seaweedfs
    • Published: May. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2023-40284

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-28635

    Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.... Read more

    Affected Products : survey_creator survey-creator
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-40285

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-25167

    Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.... Read more

    Affected Products : eblog
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 6.6

    MEDIUM
    CVE-2024-25359

    An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.... Read more

    Affected Products : lagom
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-27626

    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.... Read more

    Affected Products : dotclear
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-2053

    The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy adm... Read more

    Affected Products : artica_proxy
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-2054

    The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.... Read more

    Affected Products : artica_proxy
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-29858

    In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.... Read more

    Affected Products : misp
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-29862

    The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.... Read more

    Affected Products : gateway_bridge mqtt_forwarder
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-29864

    Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.... Read more

    Affected Products : distrobox
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-26307

    Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be mi... Read more

    Affected Products : doris
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293505 Results