Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-11206

    Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-53376

    CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.... Read more

    Affected Products : cyberpanel
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-56112

    CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.... Read more

    Affected Products : cyberpanel
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-51112

    Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script... Read more

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2024-51111

    Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.... Read more

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55529

    Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.... Read more

    Affected Products : z-blogphp
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2024-55074

    The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-41206

    A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-41209

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-41217

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-49776

    A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-49777

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-49778

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-52520

    Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server ... Read more

    Affected Products : nextcloud_server notes
    • Published: Nov. 15, 2024
    • Modified: Sep. 05, 2025

  • 5.7

    MEDIUM
    CVE-2024-52509

    Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and t... Read more

    Affected Products : mail notes
    • Published: Nov. 15, 2024
    • Modified: Sep. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-10934

    In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.... Read more

    Affected Products : openbsd openbsd
    • Published: Nov. 15, 2024
    • Modified: Sep. 04, 2025

  • 8.8

    HIGH
    CVE-2024-51503

    A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitim... Read more

    Affected Products : deep_security_agent
    • Published: Nov. 19, 2024
    • Modified: Sep. 04, 2025

  • 7.5

    HIGH
    CVE-2024-52802

    RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processin... Read more

    Affected Products : riot
    • Published: Nov. 22, 2024
    • Modified: Sep. 04, 2025

  • 7.8

    HIGH
    CVE-2025-7425

    A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID ... Read more

    • Published: Jul. 10, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2024-3596

    RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Au... Read more

    • Published: Jul. 09, 2024
    • Modified: Sep. 04, 2025
Showing 20 of 293289 Results