Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-22660

    TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-22648

    A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.... Read more

    Affected Products : seo_panel
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-22635

    WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.... Read more

    Affected Products : webcalendar
    • Published: Jan. 25, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-22570

    A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : greencms
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-22523

    Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.... Read more

    Affected Products : ifair
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 6.8

    MEDIUM
    CVE-2024-22366

    Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitr... Read more

    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-21765

    Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.... Read more

    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 6.7

    MEDIUM
    CVE-2024-20013

    In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +48 more products
    • Published: Feb. 05, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-20011

    In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146;... Read more

    Affected Products : android mt6985 mt8188t mt8168 mt8183 mt8188 mt8195 mt8167 mt8167s mt8173 +8 more products
    • Published: Feb. 05, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-20009

    In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441... Read more

    Affected Products : android mt6779 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 mt6873 +24 more products
    • Published: Feb. 05, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-0853

    curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped th... Read more

    Affected Products : curl
    • Published: Feb. 03, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-0813

    Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-7089

    The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : easy_svg_support
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2023-6390

    The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : wordpress_users
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-6389

    The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing... Read more

    Affected Products : wordpress_toolbar
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-6278

    The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scrip... Read more

    Affected Products : biteship
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51951

    SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.... Read more

    Affected Products : stock_management_system
    • Published: Feb. 05, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51887

    Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.... Read more

    Affected Products : mathtex
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 9.1

    CRITICAL
    CVE-2023-51839

    DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.... Read more

    Affected Products : smartphone_test_farm
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 6.8

    MEDIUM
    CVE-2023-51820

    An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code.... Read more

    • Published: Feb. 02, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293613 Results