Latest CVE Feed

Below is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalogue), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.0

    HIGH
    CVE-2023-31728

    Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface....

    Affected Products: rut240_firmware rut240
    • Published: Feb. 17, 2024
    • Modified: May 30, 2025
  • 6.5

    MEDIUM
    CVE-2025-48252

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8....

    Affected Products: back_button_widget
    • Published: May 19, 2025
    • Modified: May 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-48144

    Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2....

    Affected Products: import_export_for_woocommerce
    • Published: May 16, 2025
    • Modified: May 30, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.8

    HIGH
    CVE-2025-48138

    Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11....

    Affected Products: bertha_ai
    • Published: May 16, 2025
    • Modified: May 30, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-23985

    EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command....

    Affected Products: ezserver
    • EPSS Score: 0.07%
    • Published: Jan. 25, 2024
    • Modified: May 30, 2025
  • 4.3

    MEDIUM
    CVE-2024-23902

    A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL....

    Affected Products: github_branch_source
    • EPSS Score: 0.05%
    • Published: Jan. 24, 2024
    • Modified: May 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-23901

    Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jen...

    Affected Products: github_branch_source
    • EPSS Score: 0.09%
    • Published: Jan. 24, 2024
    • Modified: May 30, 2025
  • 5.5

    MEDIUM
    CVE-2024-23849

    In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access....

    Affected Products: linux_kernel
    • EPSS Score: 0.02%
    • Published: Jan. 23, 2024
    • Modified: May 30, 2025
  • 5.5

    MEDIUM
    CVE-2024-23848

    In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c....

    Affected Products: linux_kernel
    • EPSS Score: 0.01%
    • Published: Jan. 23, 2024
    • Modified: May 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-23771

    darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel....

    Affected Products: darkhttpd
    • EPSS Score: 0.32%
    • Published: Jan. 22, 2024
    • Modified: May 30, 2025
  • 5.5

    MEDIUM
    CVE-2024-23770

    darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments....

    Affected Products: darkhttpd
    • EPSS Score: 0.02%
    • Published: Jan. 22, 2024
    • Modified: May 30, 2025
  • 8.8

    HIGH
    CVE-2024-23768

    Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the sour...

    Affected Products: dremio
    • EPSS Score: 0.48%
    • Published: Jan. 22, 2024
    • Modified: May 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-23752

    GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English lang...

    Affected Products: pandasai
    • EPSS Score: 0.68%
    • Published: Jan. 22, 2024
    • Modified: May 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-23730

    The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML....

    Affected Products: llamahub
    • EPSS Score: 0.19%
    • Published: Jan. 21, 2024
    • Modified: May 30, 2025
  • 8.8

    HIGH
    CVE-2024-23726

    Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by us...

    Affected Products: ddw365_firmware ddw365
    • EPSS Score: 0.70%
    • Published: Jan. 21, 2024
    • Modified: May 30, 2025
  • 6.1

    MEDIUM
    CVE-2024-23725

    Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries....

    Affected Products: ghost
    • EPSS Score: 0.16%
    • Published: Jan. 21, 2024
    • Modified: May 30, 2025
  • 8.8

    HIGH
    CVE-2024-23689

    Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via cl...

    Affected Products: java_libraries
    • EPSS Score: 0.96%
    • Published: Jan. 19, 2024
    • Modified: May 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-23685

    Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. ...

    Affected Products: mod-remote-storage
    • EPSS Score: 0.39%
    • Published: Jan. 19, 2024
    • Modified: May 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-23679

    Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. ...

    Affected Products: xp
    • EPSS Score: 0.90%
    • Published: Jan. 19, 2024
    • Modified: May 30, 2025
  • 4.8

    MEDIUM
    CVE-2024-23387

    FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is loggi...

    Affected Products: fusionpbx
    • EPSS Score: 0.10%
    • Published: Jan. 19, 2024
    • Modified: May 30, 2025
Showing 20 of 291871 Results