Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-31651

    A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025
  • 7.8

    HIGH
    CVE-2023-33806

    Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands.

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-21088

    Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

    • Published: Apr. 16, 2024
    • Modified: Jun. 20, 2025
  • 8.6

    HIGH
    CVE-2024-37818

    Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi ...

    Affected Products : strapi
    • Published: Jun. 20, 2024
    • Modified: Jun. 20, 2025
  • 7.8

    HIGH
    CVE-2024-37081

    The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Applia...

    Affected Products : vcenter_server cloud_foundation
    • Published: Jun. 18, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-38467

    Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.

    Affected Products : synthesis_image_system
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025
  • 8.4

    HIGH
    CVE-2024-36600

    Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

    Affected Products : libcdio
    • Published: Jun. 14, 2024
    • Modified: Jun. 20, 2025
  • 9.1

    CRITICAL
    CVE-2022-43216

    AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.

    • Published: Apr. 08, 2024
    • Modified: Jun. 20, 2025
  • 7.3

    HIGH
    CVE-2024-29390

    Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands...

    • Published: Jun. 20, 2024
    • Modified: Jun. 20, 2025
  • 6.5

    MEDIUM
    CVE-2024-38951

    A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.

    Affected Products : px4_drone_autopilot
    • Published: Jun. 25, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-38952

    PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.

    Affected Products : px4_drone_autopilot
    • Published: Jun. 25, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-46340

    TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 were discovered to transmit user credentials in plaintext after executing a factory reset.

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025
  • 8.0

    HIGH
    CVE-2024-46341

    TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack.

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-56072

    An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025
  • 7.5

    HIGH
    CVE-2024-56073

    An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025
  • 7.1

    HIGH
    CVE-2024-56084

    An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.

    Affected Products : universal_normalizer
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025
  • 5.3

    MEDIUM
    CVE-2023-6602

    A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Jun. 20, 2025
  • 6.8

    MEDIUM
    CVE-2024-12086

    A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums...

    • Published: Jan. 14, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure
  • 8.0

    HIGH
    CVE-2024-54887

    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the r...

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 9.6

    CRITICAL
    CVE-2024-55224

    An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293617 Results