Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-13255

    Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.... Read more

    Affected Products : restful_web_services
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-2870

    The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : swift_framework
    • Published: Jul. 13, 2024
    • Modified: Jun. 04, 2025

  • 4.8

    MEDIUM
    CVE-2024-2696

    The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more

    Affected Products : swift_framework
    • Published: Jul. 12, 2024
    • Modified: Jun. 04, 2025

  • 7.4

    HIGH
    CVE-2024-46330

    VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object.... Read more

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-50305

    Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not h... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-23941

    Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the prod... Read more

    Affected Products : group_office
    • EPSS Score: %0.10
    • Published: Feb. 01, 2024
    • Modified: Jun. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-23851

    copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-23746

    Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modifica... Read more

    Affected Products : macos miro
    • EPSS Score: %0.48
    • Published: Feb. 02, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-23744

    An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.... Read more

    Affected Products : mbed_tls
    • EPSS Score: %0.07
    • Published: Jan. 21, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-23731

    The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.... Read more

    Affected Products : embedchain
    • EPSS Score: %0.13
    • Published: Jan. 21, 2024
    • Modified: Jun. 04, 2025

  • 8.2

    HIGH
    CVE-2024-23681

    Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the s... Read more

    Affected Products : artemis_java_test_sandbox
    • EPSS Score: %0.26
    • Published: Jan. 19, 2024
    • Modified: Jun. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-23453

    Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the ass... Read more

    Affected Products : spoon
    • EPSS Score: %0.05
    • Published: Jan. 24, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-23452

    Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: I... Read more

    Affected Products : brpc
    • EPSS Score: %0.24
    • Published: Feb. 08, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-23304

    Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.... Read more

    Affected Products : kunai
    • EPSS Score: %0.83
    • Published: Feb. 06, 2024
    • Modified: Jun. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-23301

    Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.... Read more

    • EPSS Score: %0.09
    • Published: Jan. 12, 2024
    • Modified: Jun. 04, 2025

  • 6.2

    MEDIUM
    CVE-2024-23223

    A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.02
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 6.2

    MEDIUM
    CVE-2024-23219

    The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.08
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 9.1

    CRITICAL
    CVE-2024-50306

    Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fi... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-23218

    A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.17
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 3.3

    LOW
    CVE-2024-23210

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.03
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
Showing 20 of 292734 Results