Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-23749

    KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allo... Read more

    Affected Products : kitty
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2024-23660

    The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic lo... Read more

    Affected Products : trust_wallet
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-22902

    Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.... Read more

    Affected Products : vinchin_backup_and_recovery
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-22901

    Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.... Read more

    Affected Products : vinchin_backup_and_recovery
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-22852

    D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.... Read more

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2024-22667

    Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.... Read more

    Affected Products : fedora vim
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 8.2

    HIGH
    CVE-2024-22520

    An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.... Read more

    Affected Products : drone_scanner
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 4.9

    MEDIUM
    CVE-2024-22240

    Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. ... Read more

    Affected Products : aria_operations_for_networks
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2024-22239

    Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. ... Read more

    Affected Products : aria_operations_for_networks
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2024-22237

    Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. ... Read more

    Affected Products : aria_operations_for_networks
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 7.2

    HIGH
    CVE-2024-22107

    An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data... Read more

    Affected Products : gtb_central_console
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-21485

    Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html... Read more

    Affected Products : dash
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 5.0

    MEDIUM
    CVE-2024-20904

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker w... Read more

    Affected Products : business_intelligence
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 8.4

    HIGH
    CVE-2024-20813

    Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.... Read more

    Affected Products : android android dex
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 8.4

    HIGH
    CVE-2024-20812

    Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.... Read more

    Affected Products : android android dex
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2024-20007

    In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue I... Read more

    Affected Products : android mt6779 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 mt6873 +24 more products
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 6.7

    MEDIUM
    CVE-2024-20001

    In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DT... Read more

    Affected Products : android mt5583 mt5691 mt5695 mt9010 mt9011 mt9012 mt9016 mt9020 mt9021 +49 more products
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-1284

    Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Feb. 07, 2024
    • Modified: May. 15, 2025

  • 5.3

    MEDIUM
    CVE-2024-1110

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attacke... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Feb. 07, 2024
    • Modified: May. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-0797

    The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and inc... Read more

    Affected Products : woot
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
Showing 20 of 292801 Results