Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-22014

    An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.... Read more

    Affected Products : windows 360_total_security
    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 7.7

    HIGH
    CVE-2024-33671

    An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.... Read more

    Affected Products : backup_exec
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025

  • 7.8

    HIGH
    CVE-2024-33673

    An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.... Read more

    Affected Products : backup_exec
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025

  • 6.8

    MEDIUM
    CVE-2024-30219

    Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no l... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 7.6

    HIGH
    CVE-2024-31755

    cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.... Read more

    Affected Products : cjson
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025

  • 6.0

    MEDIUM
    CVE-2024-32404

    Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.... Read more

    Affected Products : relate
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025

  • 7.5

    HIGH
    CVE-2024-32406

    Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.... Read more

    Affected Products : relate
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025

  • 9.1

    CRITICAL
    CVE-2024-25343

    Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.... Read more

    Affected Products : n300_firmware n300
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025

  • 8.1

    HIGH
    CVE-2024-1132

    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or co... Read more

    • Published: Apr. 17, 2024
    • Modified: Jun. 30, 2025

  • 7.8

    HIGH
    CVE-2024-29219

    Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affe... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 8.8

    HIGH
    CVE-2024-29218

    Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affect... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 5.6

    MEDIUM
    CVE-2024-30800

    PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Apr. 23, 2024
    • Modified: Jun. 30, 2025

  • 7.8

    HIGH
    CVE-2024-28099

    VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.... Read more

    Affected Products : vt_studio
    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 8.8

    HIGH
    CVE-2023-6787

    A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Apr. 25, 2024
    • Modified: Jun. 30, 2025

  • 9.1

    CRITICAL
    CVE-2024-27349

    Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.... Read more

    Affected Products : hugegraph
    • Published: Apr. 22, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-27347

    Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.... Read more

    Affected Products : hugegraph-hubble
    • Published: Apr. 22, 2024
    • Modified: Jun. 30, 2025

  • 4.6

    MEDIUM
    CVE-2024-29217

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their pers... Read more

    Affected Products : answer
    • Published: Apr. 21, 2024
    • Modified: Jun. 30, 2025

  • 8.0

    HIGH
    CVE-2024-32303

    Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Apr. 17, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-28957

    Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-28894

    Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially cra... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
Showing 20 of 294072 Results