Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-34509

    dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.... Read more

    Affected Products : debian_linux dcmtk
    • Published: May. 05, 2024
    • Modified: Jun. 11, 2025

  • 9.6

    CRITICAL
    CVE-2021-43905

    Microsoft Office app Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_copilot
    • Published: Dec. 15, 2021
    • Modified: Jun. 11, 2025

  • 8.1

    HIGH
    CVE-2024-27628

    Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.... Read more

    Affected Products : dcmtk
    • Published: Jun. 28, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-48197

    Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.... Read more

    Affected Products : grocy grocy
    • Published: Nov. 15, 2023
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-47674

    Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model o... Read more

    • Published: Nov. 16, 2023
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2023-47488

    Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.... Read more

    Affected Products : itop
    • Published: Nov. 09, 2023
    • Modified: Jun. 11, 2025

  • 6.5

    MEDIUM
    CVE-2023-47335

    Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.... Read more

    • Published: Nov. 16, 2023
    • Modified: Jun. 11, 2025

  • 7.5

    HIGH
    CVE-2023-46849

    Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.... Read more

    • Published: Nov. 11, 2023
    • Modified: Jun. 11, 2025

  • 7.8

    HIGH
    CVE-2023-43591

    Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.... Read more

    Affected Products : rooms
    • Published: Nov. 15, 2023
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-6690

    The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2020-18305

    Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.... Read more

    Affected Products : extremexos exos
    • Published: May. 14, 2024
    • Modified: Jun. 11, 2025

  • 6.1

    MEDIUM
    CVE-2024-13865

    The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    Affected Products : s3player
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2024-50564

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.... Read more

    Affected Products : forticlient
    • Published: Jan. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-4929

    A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initi... Read more

    • Published: May. 19, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5268

    Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 27, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2024-1663

    The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi... Read more

    Affected Products : ultimate_noindex_nofollow_tool_ii
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-2643

    The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored ... Read more

    Affected Products : my_sticky_bar
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-34500

    An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html:... Read more

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 11, 2025

  • 6.2

    MEDIUM
    CVE-2024-51406

    Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.... Read more

    Affected Products : floodlight open_sdn_controller
    • Published: Nov. 01, 2024
    • Modified: Jun. 11, 2025

  • 3.1

    LOW
    CVE-2024-3932

    A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The compl... Read more

    Affected Products :
    • Published: Apr. 18, 2024
    • Modified: Jun. 11, 2025
Showing 20 of 293349 Results