Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-6486

    The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS com... Read more

    Affected Products : imagemagick_engine
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-33788

    Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.... Read more

    Affected Products : e5600_firmware e5600
    • Published: May. 06, 2024
    • Modified: Jun. 11, 2025

  • 4.8

    MEDIUM
    CVE-2025-22996

    A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Jan. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-25193

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows ap... Read more

    Affected Products : netty windows
    • Published: Feb. 10, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-22997

    A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Jan. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-34509

    dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.... Read more

    Affected Products : debian_linux dcmtk
    • Published: May. 05, 2024
    • Modified: Jun. 11, 2025

  • 9.6

    CRITICAL
    CVE-2021-43905

    Microsoft Office app Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_copilot
    • Published: Dec. 15, 2021
    • Modified: Jun. 11, 2025

  • 8.1

    HIGH
    CVE-2024-27628

    Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.... Read more

    Affected Products : dcmtk
    • Published: Jun. 28, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-48197

    Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.... Read more

    Affected Products : grocy grocy
    • Published: Nov. 15, 2023
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-47674

    Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model o... Read more

    • Published: Nov. 16, 2023
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2023-47488

    Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.... Read more

    Affected Products : itop
    • Published: Nov. 09, 2023
    • Modified: Jun. 11, 2025

  • 6.5

    MEDIUM
    CVE-2023-47335

    Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.... Read more

    • Published: Nov. 16, 2023
    • Modified: Jun. 11, 2025

  • 7.5

    HIGH
    CVE-2023-46849

    Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.... Read more

    • Published: Nov. 11, 2023
    • Modified: Jun. 11, 2025

  • 7.8

    HIGH
    CVE-2023-43591

    Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.... Read more

    Affected Products : rooms
    • Published: Nov. 15, 2023
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-6690

    The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2020-18305

    Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.... Read more

    Affected Products : extremexos exos
    • Published: May. 14, 2024
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-13865

    The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    Affected Products : s3player
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2024-50564

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.... Read more

    Affected Products : forticlient
    • Published: Jan. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-4929

    A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initi... Read more

    • Published: May. 19, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5268

    Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293259 Results