Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-6105

    A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiat... Read more

    Affected Products : jfinal_cms
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.4

    CRITICAL
    CVE-2025-1268

    Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer D... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2023-7035

    A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument siten... Read more

    Affected Products : automad
    • Published: Dec. 21, 2023
    • Modified: Jun. 15, 2025

  • 9.3

    CRITICAL
    CVE-2025-0129

    An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions.... Read more

    Affected Products : prisma_access_browser
    • Published: Apr. 11, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2023-6046

    The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : eventon
    • Published: Jan. 16, 2024
    • Modified: Jun. 13, 2025

  • 7.8

    HIGH
    CVE-2023-52922

    In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat No... Read more

    Affected Products : linux_kernel
    • Published: Nov. 28, 2024
    • Modified: Jun. 13, 2025

  • 7.8

    HIGH
    CVE-2023-47198

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-5906

    A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has b... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-5501

    A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler.... Read more

    Affected Products : open5gs
    • Published: Jun. 03, 2025
    • Modified: Jun. 13, 2025

  • 7.5

    HIGH
    CVE-2023-50991

    Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.... Read more

    Affected Products : i29_firmware i29
    • Published: Jan. 05, 2024
    • Modified: Jun. 13, 2025

  • 8.3

    HIGH
    CVE-2023-50932

    An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking ... Read more

    Affected Products : s\/notify
    • Published: Jan. 09, 2024
    • Modified: Jun. 13, 2025

  • 5.3

    MEDIUM
    CVE-2023-45561

    An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 02, 2024
    • Modified: Jun. 13, 2025

  • 6.7

    MEDIUM
    CVE-2023-46806

    An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. ... Read more

    Affected Products : endpoint_manager_mobile
    • Published: May. 22, 2024
    • Modified: Jun. 13, 2025

  • 6.7

    MEDIUM
    CVE-2023-46807

    An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: May. 22, 2024
    • Modified: Jun. 13, 2025

  • 4.4

    MEDIUM
    CVE-2023-47717

    IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.... Read more

    Affected Products : security_guardium
    • Published: May. 16, 2024
    • Modified: Jun. 13, 2025

  • 8.4

    HIGH
    CVE-2024-45679

    Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.... Read more

    Affected Products : assimp
    • Published: Sep. 18, 2024
    • Modified: Jun. 13, 2025

  • 4.3

    MEDIUM
    CVE-2025-5020

    Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS <... Read more

    Affected Products : firefox
    • Published: May. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-2817

    Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access contr... Read more

    • Published: Apr. 29, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-3523

    When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could tr... Read more

    Affected Products : thunderbird
    • Published: Apr. 15, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-27921

    A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back in... Read more

    Affected Products : output_messenger
    • Published: May. 05, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293496 Results