Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-1283

    Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-7074

    The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : wp_social_bookmark_menu
    • Published: Jan. 29, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-6161

    The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : wp_crowdfunding
    • Published: Jan. 08, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-5041

    The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attac... Read more

    Affected Products : track_the_click
    • Published: Jan. 17, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-52032

    TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-51282

    An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.... Read more

    Affected Products : mcms
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-46953

    SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.... Read more

    Affected Products : abo.cms
    • Published: Jan. 06, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-44077

    Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.... Read more

    Affected Products : macos sharebrowser
    • Published: Jan. 17, 2024
    • Modified: Jun. 17, 2025

  • 4.8

    MEDIUM
    CVE-2023-36236

    Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.... Read more

    Affected Products : bagisto
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 6.7

    MEDIUM
    CVE-2023-32877

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID:... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-25365

    Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3... Read more

    Affected Products : october
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-25295

    A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel.... Read more

    Affected Products : evewa3
    • Published: Jan. 17, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-47072

    SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box..... Read more

    Affected Products : enterprise_architect
    • Published: Jan. 31, 2024
    • Modified: Jun. 17, 2025

  • 3.8

    LOW
    CVE-2020-26624

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2020-13878

    IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.... Read more

    Affected Products : b3d
    • Published: Jan. 05, 2024
    • Modified: Jun. 17, 2025

  • 4.6

    MEDIUM
    CVE-2024-33791

    A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function.... Read more

    Affected Products : mex605_firmware mex605
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-33792

    netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.... Read more

    Affected Products : mex605_firmware mex605
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-33793

    netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page.... Read more

    Affected Products : mex605_firmware mex605
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-31673

    Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter.... Read more

    Affected Products : kliqqi_cms
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-34467

    ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.... Read more

    Affected Products : thinkphp
    • Published: May. 04, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293562 Results