Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2023-29386

    Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0.

    Affected Products : manager_for_icomoon
    • Published: Mar. 26, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-47873

    Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator. This issue affects WP Child Theme Generator: from n/a through 1.0.9.

    Affected Products : wp_child_theme_generator
    • Published: Mar. 26, 2024
    • Modified: Mar. 19, 2025
  • 9.1

    CRITICAL
    CVE-2024-28335

    Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localh...

    Affected Products :
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-27602

    Alldata V0.4.6 is vulnerable to Incorrect Access Control. Interface documents for many modules have been leaked. For example, the /api/system/v2/api-docs module.

    Affected Products : alldata
    • Published: Apr. 02, 2024
    • Modified: Apr. 30, 2025
  • 9.1

    CRITICAL
    CVE-2024-25864

    Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component.

    Affected Products : friendica
    • Published: Apr. 03, 2024
    • Modified: Mar. 13, 2025
  • 9.1

    CRITICAL
    CVE-2024-23078

    JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence ...

    Affected Products :
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-1643

    By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, p...

    Affected Products : lunary
    • Published: Apr. 10, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-1739

    lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with...

    Affected Products : lunary
    • Published: Apr. 16, 2024
    • Modified: Jun. 18, 2025
  • 9.1

    CRITICAL
    CVE-2024-32644

    Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during th...

    Affected Products : evmos
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-27349

    Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

    Affected Products : hugegraph
    • Published: Apr. 22, 2024
    • Modified: Jun. 30, 2025
  • 9.1

    CRITICAL
    CVE-2024-32954

    Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.5.

    Affected Products : newsletters
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-19755

    ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to...

    Affected Products :
    • Published: Apr. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-33146

    J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function.

    Affected Products : j2eefast
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025
  • 9.1

    CRITICAL
    CVE-2024-35187

    Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services ar...

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-3761

    In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even th...

    Affected Products : lunary
    • Published: May. 20, 2024
    • Modified: Jan. 10, 2025
  • 9.1

    CRITICAL
    CVE-2024-4442

    The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible f...

    Affected Products : salon_booking_system
    • Published: May. 21, 2024
    • Modified: Apr. 18, 2025
  • 9.1

    CRITICAL
    CVE-2024-3050

    The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

    Affected Products : site_reviews
    • Published: May. 29, 2024
    • Modified: May. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-3412

    The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes ...

    Affected Products :
    • Published: May. 29, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-5526

    Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerab...

    Affected Products : oncall
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-24192

    robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.

    Affected Products : robdns
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results