Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-52547

    An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Sep. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-52544

    An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Sep. 05, 2025

  • 6.2

    MEDIUM
    CVE-2024-23454

    Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporar... Read more

    Affected Products : hadoop
    • Published: Sep. 25, 2024
    • Modified: Sep. 05, 2025

  • 7.3

    HIGH
    CVE-2024-10972

    Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode applicati... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025

  • 7.5

    HIGH
    CVE-2025-3698

    Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.... Read more

    Affected Products : carlcare carlcare
    • Published: Apr. 16, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-2190

    The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.... Read more

    Affected Products : com.transsnet.store
    • Published: Mar. 11, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1298

    Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.... Read more

    Affected Products : carlcare carlcare
    • Published: Feb. 14, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-7697

    Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.... Read more

    Affected Products : carlcare carlcare
    • Published: Aug. 12, 2024
    • Modified: Sep. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-12603

    A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Sep. 05, 2025

  • 7.5

    HIGH
    CVE-2024-11206

    Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-53376

    CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.... Read more

    Affected Products : cyberpanel
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-56112

    CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.... Read more

    Affected Products : cyberpanel
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-51112

    Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script... Read more

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2024-51111

    Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.... Read more

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55529

    Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.... Read more

    Affected Products : z-blogphp
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2024-55074

    The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-41206

    A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-41209

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-41217

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-49776

    A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
Showing 20 of 293315 Results