Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2024-57459

    A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 02, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-31503

    Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Apr. 17, 2024
    • Modified: Jun. 13, 2025

  • 8.8

    HIGH
    CVE-2024-37821

    An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jun. 18, 2024
    • Modified: Jun. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-33900

    KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realis... Read more

    Affected Products : keepassxc
    • Published: May. 20, 2024
    • Modified: Jun. 13, 2025

  • 5.3

    MEDIUM
    CVE-2024-21733

    Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 o... Read more

    Affected Products : tomcat
    • Published: Jan. 19, 2024
    • Modified: Jun. 13, 2025

  • 7.5

    HIGH
    CVE-2023-52115

    The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.... Read more

    Affected Products : harmonyos
    • Published: Jan. 16, 2024
    • Modified: Jun. 13, 2025

  • 8.8

    HIGH
    CVE-2023-52074

    FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.... Read more

    Affected Products : flycms
    • Published: Jan. 08, 2024
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-0224

    The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks... Read more

    Affected Products : givewp
    • Published: Jan. 16, 2024
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-4976

    Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2024-33901

    Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the ... Read more

    Affected Products : keepassxc
    • Published: May. 20, 2024
    • Modified: Jun. 13, 2025

  • 8.8

    HIGH
    CVE-2024-32407

    An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.... Read more

    Affected Products : relate
    • Published: Apr. 22, 2024
    • Modified: Jun. 13, 2025

  • 2.6

    LOW
    CVE-2024-32405

    Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.... Read more

    Affected Products : relate
    • Published: Apr. 22, 2024
    • Modified: Jun. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-50849

    A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.... Read more

    Affected Products : worldserver
    • Published: Nov. 18, 2024
    • Modified: Jun. 13, 2025

  • 8.2

    HIGH
    CVE-2025-26013

    An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.... Read more

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-26014

    A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.... Read more

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-45752

    A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.... Read more

    Affected Products : seeddms
    • Published: May. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-57529

    Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products : jetplanner
    • Published: May. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-28099

    opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,... Read more

    Affected Products : opencms
    • Published: Apr. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2022-41572

    An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.... Read more

    Affected Products : eyesofnetwork
    • Published: Jan. 07, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-22893

    OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.... Read more

    Affected Products : openslides
    • Published: Sep. 25, 2024
    • Modified: Jun. 13, 2025
Showing 20 of 293436 Results