Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-48228

    An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)....

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Jun. 10, 2025
  • 8.1

    HIGH
    CVE-2024-48178

    newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter....

    Affected Products : newbee-mall
    • Published: Oct. 28, 2024
    • Modified: Jun. 10, 2025
  • 6.5

    MEDIUM
    CVE-2024-33809

    PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks....

    Affected Products : tidb
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025
  • 5.5

    MEDIUM
    CVE-2024-35110

    A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker....

    Affected Products : yzmcms
    • Published: May. 17, 2024
    • Modified: Jun. 10, 2025
  • 8.8

    HIGH
    CVE-2024-36528

    nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php....

    Affected Products : nukeviet
    • Published: Jun. 10, 2024
    • Modified: Jun. 10, 2025
  • 5.7

    MEDIUM
    CVE-2024-36531

    nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component....

    Affected Products : nukeviet
    • Published: Jun. 10, 2024
    • Modified: Jun. 10, 2025
  • 4.0

    MEDIUM
    CVE-2025-48432

    An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead t...

    Affected Products : django
    • Published: Jun. 05, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2024-31613

    BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."...

    Affected Products : bosscms
    • Published: Jun. 10, 2024
    • Modified: Jun. 10, 2025
  • 8.8

    HIGH
    CVE-2024-37840

    SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter....

    Affected Products : learning_management_system
    • Published: Jun. 17, 2024
    • Modified: Jun. 10, 2025
  • 7.3

    HIGH
    CVE-2024-33300

    Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files....

    Affected Products : typora
    • Published: May. 01, 2024
    • Modified: Jun. 10, 2025
  • 6.1

    MEDIUM
    CVE-2024-34401

    Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter....

    Affected Products : savsoft_quiz
    • Published: May. 03, 2024
    • Modified: Jun. 10, 2025
  • 8.8

    HIGH
    CVE-2024-33921

    Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21. ...

    Affected Products : reviewx
    • Published: May. 03, 2024
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-33789

    Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint....

    Affected Products : e5600_firmware e5600
    • Published: May. 03, 2024
    • Modified: Jun. 10, 2025
  • 8.6

    HIGH
    CVE-2024-27453

    In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI)....

    Affected Products : extremexos
    • Published: May. 03, 2024
    • Modified: Jun. 10, 2025
  • 6.1

    MEDIUM
    CVE-2024-34462

    Alinto SOGo through 5.10.0 allows XSS during attachment preview....

    Affected Products : sogo
    • Published: May. 04, 2024
    • Modified: Jun. 10, 2025
  • 4.3

    MEDIUM
    CVE-2024-34508

    dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message....

    Affected Products : debian_linux dcmtk
    • Published: May. 05, 2024
    • Modified: Jun. 10, 2025
  • 4.0

    MEDIUM
    CVE-2024-31580

    PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input....

    Affected Products : pytorch
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025
  • 7.5

    HIGH
    CVE-2024-35618

    PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer....

    Affected Products : tidb
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-35373

    Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php....

    Affected Products : mocodo_online
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-35374

    Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain ...

    Affected Products : mocodo_online
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293261 Results