Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-23684

    Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously craf...

    Affected Products : cbor
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 8.2

    HIGH
    CVE-2024-23683

    Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly...

    Affected Products : artemis_java_test_sandbox
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 8.2

    HIGH
    CVE-2024-23682

    Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandbo...

    Affected Products : artemis_java_test_sandbox
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 5.5

    MEDIUM
    CVE-2024-22957

    swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 7.8

    HIGH
    CVE-2024-22955

    swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576.

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-22601

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-22591

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-22568

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-22549

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-22233

    In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * t...

    Affected Products : spring_framework
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2024-22113

    Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.

    Affected Products : cgi_an-anlyzer
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0807

    Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0806

    Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 4.3

    MEDIUM
    CVE-2024-0805

    Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 6.5

    MEDIUM
    CVE-2024-0752

    A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.

    Affected Products : firefox
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0751

    A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-0750

    A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 6.5

    MEDIUM
    CVE-2024-0746

    A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 6.1

    MEDIUM
    CVE-2024-0606

    An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

    Affected Products : firefox_focus
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-0605

    Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user'...

    Affected Products : firefox_focus
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293620 Results