Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-42718

    A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Path Traversal

  • 6.2

    MEDIUM
    CVE-2024-29720

    An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2021-47715

    Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the ... Read more

    Affected Products : graphql_engine
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2021-47714

    Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read ... Read more

    Affected Products : graphql_engine
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2021-47713

    Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and m... Read more

    Affected Products : graphql_engine
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2023-53944

    EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory travers... Read more

    Affected Products : webserver
    • Published: Dec. 18, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-53941

    EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to... Read more

    Affected Products : webserver
    • Published: Dec. 18, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2023-53970

    Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to res... Read more

    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2023-53969

    Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to th... Read more

    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2023-53967

    Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted P... Read more

    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-53968

    Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to th... Read more

    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-13158

    Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potenti... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2023-53974

    D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to do... Read more

    Affected Products : dsl-124_firmware dsl-124
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2023-53979

    MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute comma... Read more

    Affected Products : mybb
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2023-53978

    myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by insertin... Read more

    Affected Products : mybb
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2023-53977

    myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting scr... Read more

    Affected Products : mybb
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2023-53976

    myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserti... Read more

    Affected Products : mybb
    • Published: Dec. 22, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-53930

    ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' para... Read more

    Affected Products : projectsend
    • Published: Dec. 17, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2023-53906

    projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets sect... Read more

    Affected Products : projectsend
    • Published: Dec. 17, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-53905

    ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators exp... Read more

    Affected Products : projectsend
    • Published: Dec. 17, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection
Showing 20 of 4818 Results