Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-7141

    Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw.... Read more

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2023-51339

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e... Read more

    Affected Products : event_ticketing_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2023-51338

    PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page.... Read more

    Affected Products : meeting_room_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2023-51337

    PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index.... Read more

    Affected Products : event_ticketing_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-51336

    PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in Sys... Read more

    Affected Products : meeting_room_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-27091

    OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due t... Read more

    Affected Products : openh264
    • Published: Feb. 20, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25973

    A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters.... Read more

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.0

    MEDIUM
    CVE-2025-25968

    DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file'... Read more

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-55457

    MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information... Read more

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-54961

    Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-54960

    A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-54959

    Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2024-54958

    Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2024-46933

    An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access.... Read more

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2023-51335

    PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2023-51334

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2023-51333

    PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Op... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-26311

    Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file.... Read more

    Affected Products : libming
    • Published: Feb. 20, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-26310

    Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file.... Read more

    Affected Products : libming
    • Published: Feb. 20, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-26309

    A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.... Read more

    Affected Products : libming
    • Published: Feb. 20, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291756 Results