Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2021-42146

    An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows r...

    Affected Products : tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2021-42145

    An assertion failure discovered in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service.

    Affected Products : tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2021-42144

    Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to obtain sensitive information via crafted input to dtls_ccm_decrypt_message().

    Affected Products : contiki-ng_tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 9.1

    CRITICAL
    CVE-2021-42143

    An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHe...

    Affected Products : tinydtls
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2021-43635

    A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.

    Affected Products : codex codex
    • Published: Feb. 04, 2022
    • Modified: Jun. 20, 2025
  • 7.3

    HIGH
    CVE-2025-1068

    There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a ...

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2025-1067

    There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specif...

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-35079

    An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file.

    Affected Products : inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-35080

    An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file.

    Affected Products : inxedu inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-35570

    An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file.

    Affected Products : inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025
  • 7.8

    HIGH
    CVE-2023-26604

    systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other...

    Affected Products : debian_linux systemd
    • Published: Mar. 03, 2023
    • Modified: Jun. 20, 2025
  • 9.1

    CRITICAL
    CVE-2024-31030

    An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet.

    Affected Products : freecoap
    • Published: May. 31, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-23751

    LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able t...

    Affected Products : llamaindex
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-23750

    MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.

    Affected Products : metagpt
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-23732

    The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.

    Affected Products : embedchain
    • Published: Jan. 21, 2024
    • Modified: Jun. 20, 2025
  • 5.3

    MEDIUM
    CVE-2024-23688

    Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is ...

    Affected Products : discovery
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-23684

    Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously craf...

    Affected Products : cbor
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 8.2

    HIGH
    CVE-2024-23683

    Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly...

    Affected Products : artemis_java_test_sandbox
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 8.2

    HIGH
    CVE-2024-23682

    Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandbo...

    Affected Products : artemis_java_test_sandbox
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 5.5

    MEDIUM
    CVE-2024-22957

    swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293616 Results