Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-42141

    An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.... Read more

    Affected Products : tinydtls
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-31314

    File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.... Read more

    Affected Products : terminal_security_system
    • Published: Jan. 20, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2020-36771

    CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.... Read more

    Affected Products : cagefs
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-31648

    Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-30656

    An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.... Read more

    Affected Products : dream_firmware dream
    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-31651

    A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-33806

    Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-21088

    Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network acces... Read more

    • Published: Apr. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.6

    HIGH
    CVE-2024-37818

    Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi ... Read more

    Affected Products : strapi
    • Published: Jun. 20, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2024-37081

    The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Applia... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Jun. 18, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-38467

    Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.... Read more

    Affected Products : synthesis_image_system
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.4

    HIGH
    CVE-2024-36600

    Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.... Read more

    Affected Products : libcdio
    • Published: Jun. 14, 2024
    • Modified: Jun. 20, 2025

  • 9.1

    CRITICAL
    CVE-2022-43216

    AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.... Read more

    • Published: Apr. 08, 2024
    • Modified: Jun. 20, 2025

  • 7.3

    HIGH
    CVE-2024-29390

    Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands... Read more

    • Published: Jun. 20, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-38951

    A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Jun. 25, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-38952

    PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Jun. 25, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-46340

    TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025

  • 8.0

    HIGH
    CVE-2024-46341

    TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-56072

    An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.... Read more

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-56073

    An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).... Read more

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293622 Results