Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-28871

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.

    Affected Products : libhtp
    • Published: Apr. 04, 2024
    • Modified: Jun. 30, 2025
  • 5.4

    MEDIUM
    CVE-2024-47226

    A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top ...

    Affected Products : netbox netbox
    • Published: Sep. 22, 2024
    • Modified: Jun. 30, 2025
  • 5.4

    MEDIUM
    CVE-2024-54772

    An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempt...

    Affected Products : routeros
    • Published: Feb. 11, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2024-54952

    In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Se...

    Affected Products : routeros
    • Published: May. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2024-56915

    Netbox Community v4.1.7 (fixed in v4.2.2) is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.

    Affected Products : netbox netbox
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2024-56917

    Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner in maintenance mode.

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-56916

    In Netbox Community 4.1.7, once authenticated, `Configuration History > Add` is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user-supplied HTML. An authenticated attacker can leverage this to add malicious JavaScript t...

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-56918

    In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-28056

    Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" re...

    Affected Products : amplify_cli
    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 6.4

    MEDIUM
    CVE-2024-30256

    Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.

    Affected Products : open_webui
    • Published: Apr. 16, 2024
    • Modified: Jun. 30, 2025
  • 8.8

    HIGH
    CVE-2024-22014

    An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.

    Affected Products : windows 360_total_security
    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 7.7

    HIGH
    CVE-2024-33671

    An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.

    Affected Products : backup_exec
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 7.8

    HIGH
    CVE-2024-33673

    An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

    Affected Products : backup_exec
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 6.8

    MEDIUM
    CVE-2024-30219

    Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no l...

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025
  • 7.6

    HIGH
    CVE-2024-31755

    cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c.

    Affected Products : cjson
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 6.0

    MEDIUM
    CVE-2024-32404

    Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.

    Affected Products : relate
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 7.5

    HIGH
    CVE-2024-32406

    Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.

    Affected Products : relate
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 9.1

    CRITICAL
    CVE-2024-25343

    Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.

    Affected Products : n300_firmware n300
    • Published: Apr. 26, 2024
    • Modified: Jun. 30, 2025
  • 8.1

    HIGH
    CVE-2024-1132

    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or co...

    • Published: Apr. 17, 2024
    • Modified: Jun. 30, 2025
  • 7.8

    HIGH
    CVE-2024-29219

    Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affe...

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025