Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-31581

    FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 17, 2024
    • Modified: Jun. 03, 2025

  • 7.3

    HIGH
    CVE-2023-43843

    Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request.... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: Jun. 03, 2025

  • 7.3

    HIGH
    CVE-2023-43842

    Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.... Read more

    Affected Products : pe6208_firmware pe6208
    • Published: May. 28, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-23059

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %2.30
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-22942

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %3.13
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2024-22368

    The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.... Read more

    Affected Products : spreadsheet\
    • EPSS Score: %0.04
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-22164

    In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacke... Read more

    Affected Products : enterprise_security
    • EPSS Score: %0.15
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-22087

    route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.... Read more

    Affected Products : pico_http_server_in_c
    • EPSS Score: %4.83
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 5.3

    MEDIUM
    CVE-2024-22049

    httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames... Read more

    Affected Products : httparty
    • EPSS Score: %0.60
    • Published: Jan. 04, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-21909

    PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Dependin... Read more

    Affected Products : cbor
    • EPSS Score: %0.27
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2024-21773

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control se... Read more

    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-21732

    FlyCms through abbaa5a allows XSS via the permission management feature.... Read more

    Affected Products : flycms
    • EPSS Score: %0.12
    • Published: Jan. 01, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2024-20805

    Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.... Read more

    Affected Products : android android dex myfiles
    • EPSS Score: %0.07
    • Published: Jan. 04, 2024
    • Modified: Jun. 03, 2025

  • 5.3

    MEDIUM
    CVE-2024-0333

    Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.07
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 5.3

    MEDIUM
    CVE-2023-6984

    The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpac... Read more

    Affected Products : powerpack_addons_for_elementor
    • EPSS Score: %0.06
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6830

    The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrat... Read more

    Affected Products : formidable_form_builder
    • EPSS Score: %0.38
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 8.6

    HIGH
    CVE-2023-6600

    The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init i... Read more

    Affected Products : omgf
    • EPSS Score: %0.23
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-6551

    As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by ... Read more

    Affected Products : class.upload.php
    • EPSS Score: %0.08
    • Published: Jan. 04, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2023-6528

    The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.... Read more

    Affected Products : slider_revolution
    • EPSS Score: %15.79
    • Published: Jan. 08, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6506

    The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. Thi... Read more

    Affected Products : wp_2fa wp_2fa
    • EPSS Score: %0.14
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292495 Results