Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2023-5553

    During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' ... Read more

    Affected Products : axis_os axis_os_2022
    • Published: Nov. 21, 2023
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-46471

    Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.... Read more

    Affected Products : yacms
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-45377

    In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.... Read more

    Affected Products : chronopost
    • Published: Nov. 22, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-38823

    Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.... Read more

    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-46337

    A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also all... Read more

    Affected Products : derby
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2022-39801

    SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the atta... Read more

    Affected Products : access_control
    • Published: Sep. 13, 2022
    • Modified: Jun. 10, 2025

  • 6.1

    MEDIUM
    CVE-2022-39799

    An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected u... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 13, 2022
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2022-0934

    A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.... Read more

    Affected Products : enterprise_linux fedora dnsmasq
    • Published: Aug. 29, 2022
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2013-6954

    The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.... Read more

    Affected Products : libpng
    • Published: Jan. 12, 2014
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2025-48010

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-3062

    The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil... Read more

    Affected Products : save_as_pdf
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-4004

    The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : advanced_cron_manager
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-5026

    The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : cm_tooltip_glossary
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13357

    The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : ditty
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13383

    The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : hd_quiz
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13616

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ca... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13619

    The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : lifterlms
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-13621

    The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ... Read more

    Affected Products : gdpr_framework
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13727

    The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    Affected Products : memberspace
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13823

    The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    Affected Products : 360_product_rotation
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293351 Results