Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-24468

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.

    Affected Products : flusity
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24398

    Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

    Affected Products : dashboards.php
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 5.4

    MEDIUM
    CVE-2024-24397

    Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

    Affected Products : dashboards.js
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24393

    File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.

    Affected Products : pichome
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 7.5

    HIGH
    CVE-2024-24259

    freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

    Affected Products : mupdf
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2024-24113

    xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.

    Affected Products : xxl-job
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24018

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24001

    jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protect...

    Affected Products : jsherp
    • Published: Feb. 07, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-23978

    Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.

    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025
  • 6.7

    MEDIUM
    CVE-2024-23764

    Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 ...

    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 7.5

    HIGH
    CVE-2024-23756

    The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

    Affected Products : plone
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2024-23749

    KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allo...

    Affected Products : kitty
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025
  • 7.5

    HIGH
    CVE-2024-23660

    The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic lo...

    Affected Products : trust_wallet
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-22902

    Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

    Affected Products : vinchin_backup_and_recovery
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-22901

    Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.

    Affected Products : vinchin_backup_and_recovery
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-22852

    D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2024-22667

    Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

    Affected Products : fedora vim
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 8.2

    HIGH
    CVE-2024-22520

    An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.

    Affected Products : drone_scanner
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 4.9

    MEDIUM
    CVE-2024-22240

    Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.

    Affected Products : aria_operations_for_networks
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2024-22239

    Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.

    Affected Products : aria_operations_for_networks
    • Published: Feb. 06, 2024
    • Modified: May. 15, 2025
Showing 20 of 292812 Results