Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-28345

    An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2024-29269

    An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-33820

    Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflo... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 01, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-34506

    An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of s... Read more

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.4

    HIGH
    CVE-2024-34507

    An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000... Read more

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-34510

    Gradio before 4.20 allows credential leakage on Windows.... Read more

    Affected Products : gradio
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-4549

    A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 8.6

    HIGH
    CVE-2024-34470

    An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of th... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.9

    MEDIUM
    CVE-2024-34472

    An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 4.7

    MEDIUM
    CVE-2025-46399

    A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-52426

    libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.... Read more

    Affected Products : libexpat sinec_nms
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-52354

    chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.... Read more

    Affected Products : chasquid
    • Published: Jan. 22, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-52329

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-52289

    An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.... Read more

    Affected Products : flaskcode
    • Published: Jan. 13, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-52274

    member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.... Read more

    Affected Products : yzmcms
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-52251

    An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.... Read more

    Affected Products : ui
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-52239

    The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.... Read more

    Affected Products : magic_xpi_integration_platform
    • Published: Feb. 06, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-52099

    Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-52068

    kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs.... Read more

    Affected Products : kodbox
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-52027

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293631 Results