Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-24279

    An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions....

    Affected Products : secdiskapp
    • Published: Apr. 08, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2024-21507

    Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key....

    Affected Products : mysql2
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 7.2

    HIGH
    CVE-2025-39240

    Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected...

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication
  • 5.6

    MEDIUM
    CVE-2025-22242

    Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An att...

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service
  • 5.6

    MEDIUM
    CVE-2025-22241

    File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “au...

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal
  • 5.9

    MEDIUM
    CVE-2024-13772

    The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax...

    Affected Products : civi civi
    • Published: Mar. 14, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2023-52285

    ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter....

    Affected Products : examsys
    • Published: Jan. 17, 2024
    • Modified: Jun. 17, 2025
  • 4.3

    MEDIUM
    CVE-2023-40264

    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface....

    Affected Products : openscape_voice_trace_manager_v8
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025
  • 3.3

    LOW
    CVE-2023-28197

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data....

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 7.8

    HIGH
    CVE-2022-46721

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges....

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2022-40361

    Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows an attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint....

    Affected Products : elite_cms
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
  • 4.7

    MEDIUM
    CVE-2022-32919

    The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing....

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2021-46903

    An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control)....

    Affected Products : lantime_firmware
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025
  • 7.2

    HIGH
    CVE-2021-46902

    An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls....

    Affected Products : lantime_firmware
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2024-21509

    Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js....

    Affected Products : mysql2
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 7.3

    HIGH
    CVE-2025-5129

    A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is requ...

    Affected Products : atrust
    • Published: May. 24, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration
  • 5.2

    MEDIUM
    CVE-2024-23734

    Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via a crafted link....

    Affected Products : s-notify
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-23735

    Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via a specially crafted certificate....

    Affected Products : s-notify
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 3.1

    LOW
    CVE-2024-28344

    An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL....

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2023-47992

    An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause denial-of-service attacks and/or run arbitrary code....

    Affected Products : freeimage
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293605 Results