Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-47020

    Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited... Read more

    Affected Products : terminal_handler
    • Published: Feb. 08, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2023-37476

    OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vul... Read more

    Affected Products : openrefine
    • Published: Jul. 17, 2023
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2019-13939

    A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V... Read more

    • Published: Jan. 16, 2020
    • Modified: Jun. 10, 2025

  • 3.3

    LOW
    CVE-2024-5198

    OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.... Read more

    Affected Products : openvpn-gui ovpn-dco-win
    • Published: Jan. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2024-4090

    The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-S... Read more

    Affected Products : mystickymenu my_sticky_bar
    • Published: Aug. 01, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-6412

    The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : html_forms
    • Published: Jul. 31, 2024
    • Modified: Jun. 10, 2025

  • 9.1

    CRITICAL
    CVE-2024-26503

    Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.... Read more

    Affected Products : open_eclass_platform openeclass
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2024-26540

    A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.... Read more

    Affected Products : cimg clmg
    • Published: Mar. 15, 2024
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-6272

    The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : spidercontacts
    • Published: Jul. 31, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-6536

    The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap... Read more

    • Published: Jul. 30, 2024
    • Modified: Jun. 10, 2025

  • 4.7

    MEDIUM
    CVE-2024-4217

    The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.... Read more

    Affected Products : shortcodes_ultimate
    • Published: Jul. 13, 2024
    • Modified: Jun. 10, 2025

  • 8.1

    HIGH
    CVE-2024-22259

    Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/dat... Read more

    • Published: Mar. 16, 2024
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-0974

    The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : social_media_widget
    • Published: Jul. 12, 2024
    • Modified: Jun. 10, 2025

  • 6.7

    MEDIUM
    CVE-2024-28283

    There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution.... Read more

    Affected Products : e1000_firmware e1000
    • Published: Mar. 19, 2024
    • Modified: Jun. 10, 2025

  • 8.2

    HIGH
    CVE-2021-25254

    Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.... Read more

    Affected Products : yandex_browser
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-24110

    SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.... Read more

    Affected Products : crmeb_java
    • Published: Mar. 21, 2024
    • Modified: Jun. 10, 2025

  • 8.3

    HIGH
    CVE-2021-25255

    Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : yandex_browser
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2021-25262

    Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.... Read more

    Affected Products : android yandex_browser
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-5721

    A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation l... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5299

    A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_order_customer_update.php. The manipulation of the argument uploaded_file_cancel... Read more

    • Published: May. 28, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293284 Results