Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-45753

    In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-7762

    The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes... Read more

    Affected Products : simple_job_board
    • Published: May. 15, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-1286

    The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.... Read more

    Affected Products : paid_memberships_pro
    • Published: Jul. 30, 2024
    • Modified: Aug. 29, 2025

  • 8.0

    HIGH
    CVE-2023-34488

    NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.... Read more

    Affected Products : nanomq
    • EPSS Score: %0.09
    • Published: Jun. 12, 2023
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-30258

    Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.... Read more

    Affected Products : magnusbilling
    • EPSS Score: %93.51
    • Published: Jun. 23, 2023
    • Modified: Aug. 29, 2025

  • 6.1

    MEDIUM
    CVE-2018-18307

    A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a passwo... Read more

    Affected Products : alchemy_cms
    • EPSS Score: %0.41
    • Published: Oct. 16, 2018
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8097

    The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code ... Read more

    Affected Products : x_server xorg-server x11
    • EPSS Score: %1.30
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8093

    Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly ex... Read more

    Affected Products : x_server xorg-server x11 xfree86
    • EPSS Score: %1.30
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8094

    Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary... Read more

    • EPSS Score: %1.04
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8095

    The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code... Read more

    Affected Products : debian_linux x_server xorg-server x11
    • EPSS Score: %2.30
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8103

    X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) s... Read more

    Affected Products : x_server xorg-server
    • EPSS Score: %14.45
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 3.6

    LOW
    CVE-2015-3164

    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.... Read more

    Affected Products : opensuse x_server xorg-server
    • EPSS Score: %0.06
    • Published: Jul. 01, 2015
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2017-10972

    Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.... Read more

    Affected Products : x_server xorg-server
    • EPSS Score: %0.56
    • Published: Jul. 06, 2017
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-12176

    xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux x_server xorg-server
    • EPSS Score: %0.95
    • Published: Jan. 24, 2018
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-12180

    xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux x_server xorg-server
    • EPSS Score: %0.95
    • Published: Jan. 24, 2018
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-12185

    xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux x_server xorg-server
    • EPSS Score: %0.84
    • Published: Jan. 24, 2018
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-12187

    xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux x_server xorg-server
    • EPSS Score: %0.77
    • Published: Jan. 24, 2018
    • Modified: Aug. 29, 2025

  • 7.0

    HIGH
    CVE-2017-2624

    It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return a... Read more

    Affected Products : debian_linux x_server xorg-server
    • EPSS Score: %0.11
    • Published: Jul. 27, 2018
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-6816

    A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the dev... Read more

    • EPSS Score: %3.08
    • Published: Jan. 18, 2024
    • Modified: Aug. 29, 2025

  • 5.5

    MEDIUM
    CVE-2024-0408

    A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resour... Read more

    • EPSS Score: %0.02
    • Published: Jan. 18, 2024
    • Modified: Aug. 29, 2025
Showing 20 of 292316 Results