Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2023-32875

    In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issu... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +48 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 16, 2025

  • 7.8

    HIGH
    CVE-2023-32401

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-31506

    A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.... Read more

    Affected Products : grav
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-26999

    An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.... Read more

    Affected Products : ngeniusone
    • Published: Jan. 09, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2025-29401

    An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : emlog
    • Published: Mar. 19, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2023-51295

    PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.... Read more

    Affected Products : event_booking_calendar
    • Published: May. 08, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2023-51328

    PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.... Read more

    Affected Products : cleaning_business_software
    • Published: May. 08, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-28073

    phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.... Read more

    Affected Products : phplist
    • Published: May. 08, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-28074

    phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, all... Read more

    Affected Products : phplist
    • Published: May. 08, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-47816

    libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.... Read more

    Affected Products : pspp
    • Published: May. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4538

    A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. Th... Read more

    Affected Products : kkfileview
    • Published: May. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-44831

    EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.... Read more

    Affected Products : engineercms
    • Published: May. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-45859

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-53154

    parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.... Read more

    Affected Products : cjson
    • Published: May. 23, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 2.7

    LOW
    CVE-2024-38822

    Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-25675

    An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.... Read more

    Affected Products : misp
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025

  • 4.3

    MEDIUM
    CVE-2022-23180

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 16, 2025

  • 9.0

    HIGH
    CVE-2025-5126

    A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: May. 24, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-5127

    A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiat... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: May. 24, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-5130

    A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is ... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication
Showing 20 of 293505 Results