Latest CVE Feed
- 8.8 HIGH CVE-2023-6787
  A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt...
  Published: Apr. 25, 2024
  Modified: Jun. 30, 2025
- 9.1 CRITICAL CVE-2024-27349
  Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue....
  Affected Products: hugegraph
  Published: Apr. 22, 2024
  Modified: Jun. 30, 2025
- 5.3 MEDIUM CVE-2024-27347
  Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue....
  Affected Products: hugegraph-hubble
  Published: Apr. 22, 2024
  Modified: Jun. 30, 2025
- 4.6 MEDIUM CVE-2024-29217
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their pers...
  Affected Products: answer
  Published: Apr. 21, 2024
  Modified: Jun. 30, 2025
- 8.0 HIGH CVE-2024-32303
  Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function....
  Published: Apr. 17, 2024
  Modified: Jun. 30, 2025
- 5.3 MEDIUM CVE-2024-28957
  Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere with communications by predicting some packet header IDs of the device....
  Published: Apr. 15, 2024
  Modified: Jun. 30, 2025
- 5.3 MEDIUM CVE-2024-28894
  Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially cra...
  Published: Apr. 15, 2024
  Modified: Jun. 30, 2025
- 9.6 CRITICAL CVE-2024-28231
  eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, a manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS pr...
  Affected Products: fast_dds
  Published: Mar. 20, 2024
  Modified: Jun. 30, 2025
- 7.5 HIGH CVE-2024-23911
  Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially...
  Published: Apr. 15, 2024
  Modified: Jun. 30, 2025
- 4.2 MEDIUM CVE-2024-26023
  OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands....
  Affected Products: wsr-2533dhp2_firmware wsr-a2533dhp2_firmware wsr-2533dhp_firmware wsr-2533dhpl_firmware wcr-1166ds_firmware wcr-1166ds wsr-2533dhp2 wsr-a2533dhp2 wsr-2533dhp wsr-2533dhpl +4 more products
  Published: Apr. 15, 2024
  Modified: Jun. 30, 2025
- 7.5 HIGH CVE-2024-29190
  Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the host...
  Affected Products: mobile_security_framework
  Published: Mar. 22, 2024
  Modified: Jun. 30, 2025
- 7.5 HIGH CVE-2014-2217
  Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in t...
  Published: Dec. 25, 2014
  Modified: Jun. 30, 2025
- 9.8 CRITICAL CVE-2021-28141
  An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execut...
  Published: Mar. 11, 2021
  Modified: Jun. 30, 2025
- 9.8 CRITICAL CVE-2019-19790
  Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was disco...
  Published: Dec. 13, 2019
  Modified: Jun. 30, 2025
- 6.3 MEDIUM CVE-2024-31215
  Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An SSRF vulnerability exists in the firebase database check logic. The attacker can cause the server to make a connection to internal-only se...
  Affected Products: mobile_security_framework
  Published: Apr. 04, 2024
  Modified: Jun. 30, 2025
- 7.3 HIGH CVE-2023-38709
  Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58....
  Published: Apr. 04, 2024
  Modified: Jun. 30, 2025
- 9.8 CRITICAL CVE-2024-23486
  Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials....
  Published: Apr. 15, 2024
  Modified: Jun. 30, 2025
- 6.3 MEDIUM CVE-2024-24795
  HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which...
  Published: Apr. 04, 2024
  Modified: Jun. 30, 2025
- 5.8 MEDIUM CVE-2024-3117
  A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack c...
  Affected Products: youdiancms
  Published: Mar. 31, 2024
  Modified: Jun. 30, 2025
- 9.8 CRITICAL CVE-2024-28288
  Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterpri...
  Published: Mar. 30, 2024
  Modified: Jun. 30, 2025