Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-34302

    Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to e... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2025-27038

    Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-32674

    Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.... Read more

    Affected Products : social_login
    • Published: May. 08, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27731

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-27730

    Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27728

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 8.4

    HIGH
    CVE-2024-46278

    Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.... Read more

    Affected Products : teedy
    • Published: Oct. 07, 2024
    • Modified: Jun. 04, 2025

  • 6.5

    MEDIUM
    CVE-2023-32167

    D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploi... Read more

    Affected Products : d-view_8
    • Published: May. 03, 2024
    • Modified: Jun. 04, 2025

  • 5.7

    MEDIUM
    CVE-2024-52711

    DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter.... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Nov. 19, 2024
    • Modified: Jun. 04, 2025

  • 8.0

    HIGH
    CVE-2024-39963

    AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform... Read more

    Affected Products : ax12_firmware ax9_firmware ax12 ax9
    • Published: Jul. 19, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2024-41281

    Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.... Read more

    Affected Products : wrt54g wrt54g_firmware
    • Published: Jul. 19, 2024
    • Modified: Jun. 04, 2025

  • 6.9

    MEDIUM
    CVE-2024-8521

    A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to lau... Read more

    Affected Products : wavelog
    • Published: Sep. 07, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-8023

    A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : springblade springblade
    • Published: Aug. 21, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2024-13244

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.... Read more

    Affected Products : migrate_tools
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-41726

    Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed.... Read more

    Affected Products : skysea_client_view
    • Published: Jul. 29, 2024
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2024-41139

    Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrar... Read more

    Affected Products : skysea_client_view
    • Published: Jul. 29, 2024
    • Modified: Jun. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-10076

    The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimatel... Read more

    Affected Products : jetpack jetpack_boost
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-13243

    Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1.... Read more

    Affected Products : entity_delete_log
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-13242

    Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*.... Read more

    Affected Products : swift_mailer
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2024-10075

    The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.... Read more

    Affected Products : jetpack
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 292769 Results