Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-50306

    Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fi... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-23218

    A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 3.3

    LOW
    CVE-2024-23210

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2024-23208

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-23207

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2024-23180

    Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.... Read more

    Affected Products : a-blog_cms
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-23172

    An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.... Read more

    Affected Products : mediawiki
    • Published: Jan. 12, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-23031

    Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.... Read more

    Affected Products : eyoucms
    • Published: Feb. 01, 2024
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-37137

    PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will pr... Read more

    Affected Products : paymoney
    • Published: Sep. 14, 2022
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2022-34707

    Windows Kernel Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2022-34706

    Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2022-34705

    Windows Defender Credential Guard Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2022-34703

    Windows Partition Management Driver Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025

  • 8.1

    HIGH
    CVE-2022-34702

    Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2022-34701

    Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2014-1745

    Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFa... Read more

    Affected Products : chrome
    • Published: May. 21, 2014
    • Modified: Jun. 04, 2025

  • 9.3

    HIGH
    CVE-2011-2016

    Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current w... Read more

    • Published: Nov. 08, 2011
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-13254

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.... Read more

    Affected Products : rest_views
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-13252

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0.... Read more

    Affected Products : tacjs
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4887

    A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launc... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 18, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293328 Results