Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5906

    A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has b... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-5501

    A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler.... Read more

    Affected Products : open5gs
    • Published: Jun. 03, 2025
    • Modified: Jun. 13, 2025

  • 7.5

    HIGH
    CVE-2023-50991

    Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.... Read more

    Affected Products : i29_firmware i29
    • Published: Jan. 05, 2024
    • Modified: Jun. 13, 2025

  • 8.3

    HIGH
    CVE-2023-50932

    An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking ... Read more

    Affected Products : s\/notify
    • Published: Jan. 09, 2024
    • Modified: Jun. 13, 2025

  • 5.3

    MEDIUM
    CVE-2023-45561

    An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 02, 2024
    • Modified: Jun. 13, 2025

  • 6.7

    MEDIUM
    CVE-2023-46806

    An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. ... Read more

    Affected Products : endpoint_manager_mobile
    • Published: May. 22, 2024
    • Modified: Jun. 13, 2025

  • 6.7

    MEDIUM
    CVE-2023-46807

    An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: May. 22, 2024
    • Modified: Jun. 13, 2025

  • 4.4

    MEDIUM
    CVE-2023-47717

    IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.... Read more

    Affected Products : security_guardium
    • Published: May. 16, 2024
    • Modified: Jun. 13, 2025

  • 8.4

    HIGH
    CVE-2024-45679

    Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.... Read more

    Affected Products : assimp
    • Published: Sep. 18, 2024
    • Modified: Jun. 13, 2025

  • 4.3

    MEDIUM
    CVE-2025-5020

    Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS <... Read more

    Affected Products : firefox
    • Published: May. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-2817

    Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access contr... Read more

    • Published: Apr. 29, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-3523

    When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could tr... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-27921

    A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back in... Read more

    Affected Products : output_messenger
    • Published: May. 05, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26241

    A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.... Read more

    Affected Products : osticket
    • Published: May. 05, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2024-46212

    An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.... Read more

    Affected Products : redaxo
    • Published: Oct. 16, 2024
    • Modified: Jun. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-46965

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46964

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-50803

    The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges... Read more

    Affected Products : redaxo
    • Published: Nov. 19, 2024
    • Modified: Jun. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-46963

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46960

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293414 Results