Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2025-29573

    Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module....

    Affected Products : mezzanine
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-45607

    An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request....

    Affected Products : itranswarp
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-23900

    Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller f...

    Affected Products : matrix_project
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2024-23740

    An issue in Kap for macOS version 3.6.0 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings....

    Affected Products : kap
    • Published: Jan. 28, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2024-22076

    MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface....

    Affected Products : print_server
    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2023-49549

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the mjs.c file....

    Affected Products : mjs
    • Published: Jan. 02, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2023-49427

    Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46 allows remote attackers to cause a denial of service (DoS) via the list parameter in the SetNetControlList function....

    Affected Products : ax12_firmware ax12
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025
  • 3.3

    LOW
    CVE-2023-46837

    Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a gues...

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 16, 2025
  • 6.3

    MEDIUM
    CVE-2023-42887

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files....

    Affected Products : macos
    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025
  • 7.1

    HIGH
    CVE-2023-38610

    A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory....

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-35837

    An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the de...

    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2023-32887

    In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ...

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +28 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 16, 2025
  • 4.8

    MEDIUM
    CVE-2021-43584

    DOM-based Cross Site Scripting (XSS) vulnerability in 'Tail Event Logs' functionality in Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log....

    Affected Products : nagios_cross_platform_agent
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2025-45612

    Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index....

    Affected Products : xmall
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-29602

    flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories....

    Affected Products : flatpress
    • Published: May. 07, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-29746

    Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

    Affected Products : koillection
    • Published: May. 07, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-25715

    Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri....

    Affected Products : glewlwyd_sso_server
    • Published: Feb. 11, 2024
    • Modified: Jun. 16, 2025
  • 6.1

    MEDIUM
    CVE-2024-25712

    http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-248...

    Affected Products : http-swagger
    • Published: Feb. 29, 2024
    • Modified: Jun. 16, 2025
  • 6.5

    MEDIUM
    CVE-2024-25679

    In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed a...

    Affected Products : pquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-25677

    In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document....

    Affected Products : min
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
Showing 20 of 293505 Results