Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-35837

    An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the de...

    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2023-32887

    In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ...

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +28 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 16, 2025
  • 4.8

    MEDIUM
    CVE-2021-43584

    DOM-based Cross Site Scripting (XSS) vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log....

    Affected Products : nagios_cross_platform_agent
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2025-45612

    Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index....

    Affected Products : xmall
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-29602

    flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories....

    Affected Products : flatpress
    • Published: May. 07, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-29746

    Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...

    Affected Products : koillection
    • Published: May. 07, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-25715

    Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri....

    Affected Products : glewlwyd_sso_server
    • Published: Feb. 11, 2024
    • Modified: Jun. 16, 2025
  • 6.1

    MEDIUM
    CVE-2024-25712

    http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-248...

    Affected Products : http-swagger
    • Published: Feb. 29, 2024
    • Modified: Jun. 16, 2025
  • 6.5

    MEDIUM
    CVE-2024-25679

    In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed a...

    Affected Products : pquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-25677

    In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document....

    Affected Products : min
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 5.5

    MEDIUM
    CVE-2024-25453

    Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function....

    Affected Products : bento4
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-25450

    imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts()....

    Affected Products : imlib2
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-25318

    Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2....

    Affected Products : hotel_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 6.1

    MEDIUM
    CVE-2024-24034

    Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code....

    Affected Products : s.i.l
    • Published: Feb. 08, 2024
    • Modified: Jun. 16, 2025
  • 7.8

    HIGH
    CVE-2024-22749

    GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577...

    Affected Products : gpac
    • Published: Jan. 25, 2024
    • Modified: Jun. 16, 2025
  • 7.8

    HIGH
    CVE-2024-22562

    swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c....

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2024-22050

    Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. ...

    Affected Products : iodine
    • Published: Jan. 04, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-21833

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi....

    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2024-21780

    Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported....

    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025
  • 4.3

    MEDIUM
    CVE-2024-0811

    Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)...

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025
Showing 20 of 293557 Results