Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2025-23475

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2....

    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
  • 7.1

    HIGH
    CVE-2025-23462

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FWD Slider allows Reflected XSS. This issue affects FWD Slider: from n/a through 1.0....

    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
  • 7.1

    HIGH
    CVE-2025-23449

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2....

    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
  • 6.7

    MEDIUM
    CVE-2025-22980

    A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php....

    • Published: Jan. 22, 2025
    • Modified: Jun. 18, 2025
  • 7.1

    HIGH
    CVE-2025-22772

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0....

    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
  • 5.4

    MEDIUM
    CVE-2025-0604

    A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled ...

    Affected Products : keycloak build_of_keycloak
    • Published: Jan. 22, 2025
    • Modified: Mar. 10, 2025
  • 8.6

    HIGH
    CVE-2024-34235

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 5.3

    MEDIUM
    CVE-2024-24432

    A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet....

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2024-24430

    A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet....

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37023

    Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5GS to crash; an attacker may repeatedly send such packets to cause denial of service....

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2023-37022

    Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5GS to crash; an attacker may repeatedly send such packets to cause denial of ...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37021

    Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedl...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37020

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly cr...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37019

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37018

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37017

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME,...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37016

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeated...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 8.6

    HIGH
    CVE-2023-37015

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2023-37014

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly cr...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025
  • 7.3

    HIGH
    CVE-2023-37013

    Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an ...

    Affected Products : open5gs
    • Published: Jan. 22, 2025
    • Modified: Apr. 22, 2025