Latest CVE Feed
- 5.3 MEDIUM CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation....
- Published: Jul. 09, 2024
- Modified: Jun. 30, 2025
- 8.6 HIGH CVE-2024-20308
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because craf...
- Published: Mar. 27, 2024
- Modified: Jun. 30, 2025
- 5.0 MEDIUM CVE-2024-23336
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addres...
- Affected Products: mybb
- Published: May. 01, 2024
- Modified: Jun. 30, 2025
- 4.7 MEDIUM CVE-2024-23335
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves thi...
- Affected Products: mybb
- Published: May. 01, 2024
- Modified: Jun. 30, 2025
- 6.4 MEDIUM CVE-2024-29008
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM...
- Affected Products: cloudstack
- Published: Apr. 04, 2024
- Modified: Jun. 30, 2025
- 7.5 HIGH CVE-2024-28871
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available....
- Affected Products: libhtp
- Published: Apr. 04, 2024
- Modified: Jun. 30, 2025
- 5.4 MEDIUM CVE-2024-47226
A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top ...
- Published: Sep. 22, 2024
- Modified: Jun. 30, 2025
- 5.4 MEDIUM CVE-2024-54772
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempt...
- Affected Products: routeros
- Published: Feb. 11, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Authentication
- 7.5 HIGH CVE-2024-54952
In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Se...
- Affected Products: routeros
- Published: May. 29, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Memory Corruption
- 6.5 MEDIUM CVE-2024-56915
Netbox Community v4.1.7 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget; this is fixed in v4.2.2....
- Published: Jun. 26, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cross-Site Scripting
- 7.1 HIGH CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner in maintenance mode....
- Published: Jun. 24, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cross-Site Scripting
- 6.1 MEDIUM CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, `Configuration History > Add` is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user-supplied HTML. An authenticated attacker can leverage this to add malicious JavaScript t...
- Published: Jun. 24, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cross-Site Scripting
- 6.1 MEDIUM CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form....
- Published: Jun. 24, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cross-Site Scripting
- 9.8 CRITICAL CVE-2024-28056
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" re...
- Affected Products: amplify_cli
- Published: Apr. 15, 2024
- Modified: Jun. 30, 2025
- 6.4 MEDIUM CVE-2024-30256
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117. ...
- Affected Products: open_webui
- Published: Apr. 16, 2024
- Modified: Jun. 30, 2025
- 8.8 HIGH CVE-2024-22014
An issue was discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows that allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete....
- Published: Apr. 15, 2024
- Modified: Jun. 30, 2025
- 7.7 HIGH CVE-2024-33671
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files....
- Affected Products: backup_exec
- Published: Apr. 26, 2024
- Modified: Jun. 30, 2025
- 7.8 HIGH CVE-2024-33673
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path....
- Affected Products: backup_exec
- Published: Apr. 26, 2024
- Modified: Jun. 30, 2025
- 6.8 MEDIUM CVE-2024-30219
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no l...
- Published: Apr. 15, 2024
- Modified: Jun. 30, 2025
- 7.6 HIGH CVE-2024-31755
cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c....
- Affected Products: cjson
- Published: Apr. 26, 2024
- Modified: Jun. 30, 2025