Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-22955

    swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576....

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-22601

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save...

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-22591

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save....

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-22568

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del....

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-22549

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section....

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-22233

    In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * t...

    Affected Products : spring_framework
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2024-22113

    Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL....

    Affected Products : cgi_an-anlyzer
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0807

    Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0806

    Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)...

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 4.3

    MEDIUM
    CVE-2024-0805

    Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)...

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 6.5

    MEDIUM
    CVE-2024-0752

    A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122....

    Affected Products : firefox
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0751

    A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7....

    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0750

    A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7....

    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 6.5

    MEDIUM
    CVE-2024-0746

    A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7....

    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2024-0606

    An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122....

    Affected Products : firefox_focus
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-0605

    Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user'...

    Affected Products : firefox_focus
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 7.2

    HIGH
    CVE-2023-7082

    The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high privilege user...

    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 4.3

    MEDIUM
    CVE-2023-6625

    The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...

    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 7.8

    HIGH
    CVE-2023-52337

    An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must fir...

    Affected Products : deep_security deep_security_agent
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 7.1

    HIGH
    CVE-2023-52331

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privil...

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293616 Results