Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-24215

    An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.... Read more

    Affected Products : nvt_web_server
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24189

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.... Read more

    Affected Products : jsish
    • Published: Feb. 07, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24015

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit... Read more

    Affected Products : novel-plus
    • Published: Feb. 06, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22853

    D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.... Read more

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Feb. 06, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22836

    An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.... Read more

    Affected Products : akaunting
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-22715

    Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.... Read more

    Affected Products : stupid_simple_cms
    • Published: Jan. 17, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-47889

    The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequen... Read more

    Affected Products : super_reboot
    • Published: Feb. 06, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-46350

    SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods ... Read more

    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-24736

    The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.... Read more

    Affected Products : ypops\!
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-24470

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.... Read more

    Affected Products : flusity
    • Published: Feb. 02, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24325

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24324

    TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.... Read more

    Affected Products : a8000ru_firmware a8000ru
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-24267

    gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.... Read more

    Affected Products : gpac
    • Published: Feb. 05, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-24136

    The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.... Read more

    Affected Products : math_game
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-23905

    Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : red_hat_dependency_analytics
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-23904

    Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary... Read more

    Affected Products : log_command
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-23898

    Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowin... Read more

    Affected Products : jenkins
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-23747

    The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laud... Read more

    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-23224

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-23213

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293620 Results