Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-23212

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute ar... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.05
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2024-23209

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution.... Read more

    Affected Products : macos
    • EPSS Score: %0.41
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2024-23204

    The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.... Read more

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: %0.16
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2024-23203

    The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.... Read more

    Affected Products : macos iphone_os ipados
    • EPSS Score: %0.15
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 8.1

    HIGH
    CVE-2024-23182

    Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.... Read more

    Affected Products : a-blog_cms
    • EPSS Score: %2.00
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-22956

    swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838... Read more

    Affected Products : swftools
    • EPSS Score: %0.07
    • Published: Jan. 19, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-22915

    A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • EPSS Score: %0.08
    • Published: Jan. 19, 2024
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-22913

    A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • EPSS Score: %0.07
    • Published: Jan. 19, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-22663

    TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg... Read more

    Affected Products : a3700r_firmware a3700r
    • EPSS Score: %4.76
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-22638

    liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.... Read more

    Affected Products : livesite
    • EPSS Score: %4.18
    • Published: Jan. 25, 2024
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2024-22636

    PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.... Read more

    Affected Products : pluxml
    • EPSS Score: %4.77
    • Published: Jan. 25, 2024
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-22497

    Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-0814

    Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.13
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2024-0812

    Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.33
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-0808

    Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.34
    • Published: Jan. 24, 2024
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-0758

    MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. ... Read more

    Affected Products : molecularfaces
    • EPSS Score: %1.94
    • Published: Jan. 19, 2024
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2024-0743

    An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.64
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2024-0742

    It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunde... Read more

    • EPSS Score: %1.22
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-0741

    An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.... Read more

    • EPSS Score: %42.54
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-0679

    The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscrib... Read more

    Affected Products : colormag
    • EPSS Score: %7.69
    • Published: Jan. 20, 2024
    • Modified: May. 30, 2025
Showing 20 of 291794 Results