Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-36623

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-31669

    rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.... Read more

    Affected Products : rizin
    • Published: Dec. 02, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-45206

    A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 7.0

    HIGH
    CVE-2024-45207

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee... Read more

    Affected Products : veeam_agent_for_windows
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 8.0

    HIGH
    CVE-2024-50699

    TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-37377

    A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Dec. 12, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2025-1861

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the ... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-49177

    A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    HIGH
    CVE-2012-6068

    The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener ... Read more

    Affected Products : codesys_runtime_system
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025

  • 7.3

    HIGH
    CVE-2025-1736

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lea... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-1734

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse ... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2024-8929

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of ... Read more

    Affected Products : php
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-8932

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.... Read more

    Affected Products : php ontap
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-37401

    An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Dec. 12, 2024
    • Modified: Jul. 02, 2025

  • 5.3

    MEDIUM
    CVE-2024-12255

    The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attack... Read more

    • Published: Dec. 12, 2024
    • Modified: Jul. 02, 2025

  • 6.3

    MEDIUM
    CVE-2024-31670

    rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.... Read more

    Affected Products : rizin
    • Published: Dec. 12, 2024
    • Modified: Jul. 02, 2025

  • 7.6

    HIGH
    CVE-2025-49262

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1.... Read more

    Affected Products : sina_extension_for_elementor
    • Published: Jun. 06, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-49291

    Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58.... Read more

    Affected Products : calculated_fields_form
    • Published: Jun. 06, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-48126

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1.... Read more

    Affected Products : essential_real_estate
    • Published: Jun. 09, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-48261

    Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through 4.2.22.... Read more

    Affected Products : multivendorx
    • Published: Jun. 09, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293939 Results