Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-34502

    An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST requ... Read more

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2024-28521

    SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.... Read more

    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-28441

    File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.... Read more

    Affected Products : magicflue
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-29273

    There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.... Read more

    Affected Products : dzzoffice
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2025-46567

    LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on use... Read more

    Affected Products : llama-factory
    • Published: May. 01, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-46568

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, e... Read more

    Affected Products : stirling_pdf
    • Published: May. 01, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-3517

    Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updati... Read more

    Affected Products : devolutions_server
    • Published: May. 01, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-4178

    A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.j... Read more

    Affected Products : windows java_server
    • Published: May. 01, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-3927

    Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting to connected network or hardware devices.... Read more

    Affected Products : pyko-out
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2023-41099

    In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM).... Read more

    Affected Products : eviden_cardos_api
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 3.7

    LOW
    CVE-2025-4215

    A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular exp... Read more

    Affected Products : debian_linux ublock_origin
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-4218

    A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the a... Read more

    Affected Products : browserpilot
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-29366

    A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.... Read more

    Affected Products : dir-845l_firmware dir-845l
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2025-21572

    OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.... Read more

    Affected Products : opengrok
    • Published: May. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-58135

    Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() functio... Read more

    Affected Products : mojolicious
    • Published: May. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cryptography

  • 8.1

    HIGH
    CVE-2024-58134

    Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or... Read more

    Affected Products : mojolicious
    • Published: May. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2024-24115

    A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : siena
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025

  • 6.7

    MEDIUM
    CVE-2024-20002

    In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DT... Read more

    Affected Products : android mt5583 mt5691 mt5695 mt9010 mt9011 mt9012 mt9016 mt9020 mt9021 +49 more products
    • Published: Feb. 05, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2023-6447

    The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.... Read more

    Affected Products : eventprime
    • Published: Jan. 22, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-52041

    An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293592 Results