Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2024-31215

    Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only se...

    Affected Products : mobile_security_framework
    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025
  • 7.3

    HIGH
    CVE-2023-38709

    Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58....

    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-23486

    Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials....

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 6.3

    MEDIUM
    CVE-2024-24795

    HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which...

    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025
  • 5.8

    MEDIUM
    CVE-2024-3117

    A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack c...

    Affected Products : youdiancms
    • Published: Mar. 31, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-28288

    Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterpri...

    Affected Products : rg-nbr700gw_firmware rg-nbr700gw
    • Published: Mar. 30, 2024
    • Modified: Jun. 30, 2025
  • 6.3

    MEDIUM
    CVE-2024-29316

    NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true....

    Affected Products : nodebb
    • Published: Mar. 28, 2024
    • Modified: Jun. 30, 2025
  • 6.2

    MEDIUM
    CVE-2024-25580

    An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file....

    Affected Products : qt
    • Published: Mar. 27, 2024
    • Modified: Jun. 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-30161

    In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)...

    Affected Products : qt
    • Published: Mar. 24, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-41313

    The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue....

    Affected Products : doris
    • Published: Mar. 12, 2024
    • Modified: Jun. 30, 2025
  • 7.5

    HIGH
    CVE-2024-1936

    The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the c...

    Affected Products : thunderbird debian_linux
    • Published: Mar. 04, 2024
    • Modified: Jun. 30, 2025
  • 5.5

    MEDIUM
    CVE-2023-20597

    Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access....

    • Published: Sep. 20, 2023
    • Modified: Jun. 27, 2025
  • 4.4

    MEDIUM
    CVE-2023-20594

    Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access....

    • Published: Sep. 20, 2023
    • Modified: Jun. 27, 2025
  • 9.1

    CRITICAL
    CVE-2025-0108

    An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke ce...

    Affected Products : pan-os
    • Actively Exploited
    • Published: Feb. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2024-48646

    An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other execu...

    Affected Products : sage_frp_1000
    • Published: Oct. 30, 2024
    • Modified: Jun. 27, 2025
  • 7.2

    HIGH
    CVE-2024-48647

    A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to acce...

    Affected Products : sage_frp_1000
    • Published: Oct. 30, 2024
    • Modified: Jun. 27, 2025
  • 6.1

    MEDIUM
    CVE-2024-48648

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding...

    Affected Products : sage_frp_1000
    • Published: Oct. 30, 2024
    • Modified: Jun. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-48307

    JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData....

    Affected Products : jeecg_boot
    • Published: Oct. 31, 2024
    • Modified: Jun. 27, 2025
  • 6.5

    MEDIUM
    CVE-2024-53299

    The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue....

    Affected Products : wicket
    • Published: Jan. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2024-57326

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the s...

    Affected Products : online_pizza_delivery_system
    • Published: Jan. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293967 Results