Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-56073

    An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).... Read more

    Affected Products : fastnetmon
    • Published: Dec. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.1

    HIGH
    CVE-2024-56084

    An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.... Read more

    Affected Products : universal_normalizer
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2023-6602

    A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Jun. 20, 2025

  • 6.8

    MEDIUM
    CVE-2024-12086

    A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums... Read more

    • Published: Jan. 14, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2024-54887

    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the r... Read more

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.6

    CRITICAL
    CVE-2024-55224

    An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55225

    An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2024-37776

    A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-37775

    Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.0

    HIGH
    CVE-2024-37774

    A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2024-23347

    Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.... Read more

    Affected Products : meta_spark_studio
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-22714

    Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content.... Read more

    Affected Products : stupid_simple_cms
    • Published: Jan. 17, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2024-22627

    Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.... Read more

    Affected Products : supplier_management_system
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-22362

    Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.... Read more

    Affected Products : drupal
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-20985

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 4.9

    MEDIUM
    CVE-2024-20983

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to ... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 4.9

    MEDIUM
    CVE-2024-20981

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 4.9

    MEDIUM
    CVE-2024-20965

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-20961

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-20944

    Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTT... Read more

    Affected Products : isupport
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293623 Results