Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.6

    HIGH
    CVE-2024-31755

    cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.

    Affected Products : cjson
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 6.0

    MEDIUM
    CVE-2024-32404

    Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.

    Affected Products : relate
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 7.5

    HIGH
    CVE-2024-32406

    Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.

    Affected Products : relate
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 9.1

    CRITICAL
    CVE-2024-25343

    Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.

    Affected Products : n300_firmware n300
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 8.1

    HIGH
    CVE-2024-1132

    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or co...

    • Published: Apr. 17, 2024
    • Modified: Jun. 30, 2025
  • 7.8

    HIGH
    CVE-2024-29219

    Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affe...

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 8.8

    HIGH
    CVE-2024-29218

    Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affect...

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 5.6

    MEDIUM
    CVE-2024-30800

    PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.

    Affected Products : px4_drone_autopilot
    • Published: Apr. 23, 2024
    • Modified: Jun. 30, 2025
  • 7.8

    HIGH
    CVE-2024-28099

    VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.

    Affected Products : vt_studio
    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 8.8

    HIGH
    CVE-2023-6787

    A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt...

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Apr. 25, 2024
    • Modified: Jun. 30, 2025
  • 9.1

    CRITICAL
    CVE-2024-27349

    Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

    Affected Products : hugegraph
    • Published: Apr. 22, 2024
    • Modified: Jun. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-27347

    Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

    Affected Products : hugegraph-hubble
    • Published: Apr. 22, 2024
    • Modified: Jun. 30, 2025
  • 4.6

    MEDIUM
    CVE-2024-29217

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their pers...

    Affected Products : answer
    • Published: Apr. 21, 2024
    • Modified: Jun. 30, 2025
  • 8.0

    HIGH
    CVE-2024-32303

    Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.

    Affected Products : ac15_firmware ac15
    • Published: Apr. 17, 2024
    • Modified: Jun. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-28957

    Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-28894

    Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially cra...

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 9.6

    CRITICAL
    CVE-2024-28231

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS pr...

    Affected Products : fast_dds
    • Published: Mar. 20, 2024
    • Modified: Jun. 30, 2025
  • 7.5

    HIGH
    CVE-2024-23911

    Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially...

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 4.2

    MEDIUM
    CVE-2024-26023

    OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 7.5

    HIGH
    CVE-2024-29190

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the host...

    Affected Products : mobile_security_framework
    • Published: Mar. 22, 2024
    • Modified: Jun. 30, 2025
Showing 20 of 294068 Results