Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-37081

    The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Applia... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Jun. 18, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-38467

    Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.... Read more

    Affected Products : synthesis_image_system
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.4

    HIGH
    CVE-2024-36600

    Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.... Read more

    Affected Products : libcdio
    • Published: Jun. 14, 2024
    • Modified: Jun. 20, 2025

  • 9.1

    CRITICAL
    CVE-2022-43216

    AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.... Read more

    • Published: Apr. 08, 2024
    • Modified: Jun. 20, 2025

  • 7.3

    HIGH
    CVE-2024-29390

    Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands... Read more

    • Published: Jun. 20, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-38951

    A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Jun. 25, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-38952

    PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Jun. 25, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-46340

    TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025

  • 8.0

    HIGH
    CVE-2024-46341

    TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-56072

    An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.... Read more

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-56073

    An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).... Read more

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.1

    HIGH
    CVE-2024-56084

    An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.... Read more

    Affected Products : universal_normalizer
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2023-6602

    A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Jun. 20, 2025

  • 6.8

    MEDIUM
    CVE-2024-12086

    A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums... Read more

    • Published: Jan. 14, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2024-54887

    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the r... Read more

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.6

    CRITICAL
    CVE-2024-55224

    An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55225

    An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2024-37776

    A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-37775

    Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.0

    HIGH
    CVE-2024-37774

    A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293613 Results