Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-46350

    SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods ... Read more

    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-24736

    The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.... Read more

    Affected Products : ypops\!
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-24470

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.... Read more

    Affected Products : flusity
    • Published: Feb. 02, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24325

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24324

    TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.... Read more

    Affected Products : a8000ru_firmware a8000ru
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-24267

    gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.... Read more

    Affected Products : gpac
    • Published: Feb. 05, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-24136

    The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.... Read more

    Affected Products : math_game
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-23905

    Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : red_hat_dependency_analytics
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-23904

    Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary... Read more

    Affected Products : log_command
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-23898

    Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowin... Read more

    Affected Products : jenkins
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-23747

    The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laud... Read more

    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-23224

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-23213

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 3.3

    LOW
    CVE-2024-23211

    A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Set... Read more

    Affected Products : macos iphone_os watchos safari ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-23183

    Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 a... Read more

    Affected Products : a-blog_cms
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-23181

    Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 a... Read more

    Affected Products : a-blog_cms
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-23170

    An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a ... Read more

    Affected Products : mbed_tls
    • Published: Jan. 31, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-23032

    Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.... Read more

    Affected Products : eyoucms
    • Published: Feb. 01, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22751

    D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.... Read more

    Affected Products : dir-882_a1_firmware dir-882_a1
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22662

    TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293633 Results