Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-23453

    Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the ass...

    Affected Products : spoon
    • Published: Jan. 24, 2024
    • Modified: Jun. 04, 2025
  • 7.5

    HIGH
    CVE-2024-23452

    Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: I...

    Affected Products : brpc
    • Published: Feb. 08, 2024
    • Modified: Jun. 04, 2025
  • 7.5

    HIGH
    CVE-2024-23304

    Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations....

    Affected Products : kunai
    • Published: Feb. 06, 2024
    • Modified: Jun. 04, 2025
  • 5.5

    MEDIUM
    CVE-2024-23301

    Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root....

    • Published: Jan. 12, 2024
    • Modified: Jun. 04, 2025
  • 6.2

    MEDIUM
    CVE-2024-23223

    A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data....

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 6.2

    MEDIUM
    CVE-2024-23219

    The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled....

    Affected Products : iphone_os ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 9.1

    CRITICAL
    CVE-2024-50306

    Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fi...

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025
  • 5.9

    MEDIUM
    CVE-2024-23218

    A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA...

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 3.3

    LOW
    CVE-2024-23210

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs....

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 7.8

    HIGH
    CVE-2024-23208

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges....

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 5.5

    MEDIUM
    CVE-2024-23207

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data....

    Affected Products : macos iphone_os watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 8.8

    HIGH
    CVE-2024-23180

    Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2....

    Affected Products : a-blog_cms
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-23172

    An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog....

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-23031

    Cross Site Scripting (XSS) vulnerability in the is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via a crafted URL....

    Affected Products : eyoucms
    • Published: Feb. 01, 2024
    • Modified: Jun. 04, 2025
  • 5.4

    MEDIUM
    CVE-2022-37137

    PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will pr...

    Affected Products : paymoney
    • Published: Sep. 14, 2022
    • Modified: Jun. 04, 2025
  • 7.8

    HIGH
    CVE-2022-34707

    Windows Kernel Elevation of Privilege Vulnerability...

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025
  • 7.8

    HIGH
    CVE-2022-34706

    Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability...

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025
  • 7.8

    HIGH
    CVE-2022-34705

    Windows Defender Credential Guard Elevation of Privilege Vulnerability...

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025
  • 7.8

    HIGH
    CVE-2022-34703

    Windows Partition Management Driver Elevation of Privilege Vulnerability...

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025
  • 8.1

    HIGH
    CVE-2022-34702

    Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability...

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025
Showing 20 of 292803 Results