Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2024-34891

    Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.... Read more

    Affected Products : bitrix24 bitrix24
    • Published: Nov. 04, 2024
    • Modified: Sep. 04, 2025

  • 7.5

    HIGH
    CVE-2024-44775

    An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.... Read more

    Affected Products : kmqtt
    • Published: Oct. 15, 2024
    • Modified: Sep. 04, 2025

  • 8.6

    HIGH
    CVE-2024-48208

    pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.... Read more

    Affected Products : pure-ftpd
    • Published: Oct. 24, 2024
    • Modified: Sep. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-45176

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflect... Read more

    Affected Products : c-mor c-mor_video_surveillance
    • Published: Sep. 05, 2024
    • Modified: Sep. 04, 2025

  • 6.5

    MEDIUM
    CVE-2023-44447

    TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not ... Read more

    Affected Products : tl-wr902ac_firmware tl-wr902ac
    • Published: May. 03, 2024
    • Modified: Sep. 04, 2025

  • 7.8

    HIGH
    CVE-2024-5292

    D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the a... Read more

    Affected Products : network_assistant
    • Published: May. 23, 2024
    • Modified: Sep. 04, 2025

  • 8.8

    HIGH
    CVE-2024-45173

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can exec... Read more

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 05, 2024
    • Modified: Sep. 04, 2025

  • 6.2

    MEDIUM
    CVE-2024-41438

    A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.... Read more

    Affected Products : hicolor
    • Published: Jul. 30, 2024
    • Modified: Sep. 04, 2025

  • 6.2

    MEDIUM
    CVE-2024-41440

    A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.... Read more

    Affected Products : hicolor
    • Published: Jul. 30, 2024
    • Modified: Sep. 04, 2025

  • 8.1

    HIGH
    CVE-2024-45170

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only availab... Read more

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 04, 2024
    • Modified: Sep. 04, 2025

  • 8.1

    HIGH
    CVE-2024-45174

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows... Read more

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 04, 2024
    • Modified: Sep. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-45177

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration i... Read more

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 04, 2024
    • Modified: Sep. 04, 2025

  • 6.8

    MEDIUM
    CVE-2024-45172

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection aga... Read more

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 04, 2024
    • Modified: Sep. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-48050

    In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.... Read more

    Affected Products : agentscope
    • Published: Nov. 04, 2024
    • Modified: Sep. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-9791

    A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is po... Read more

    Affected Products : ac20_firmware ac20
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2025-9778

    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approa... Read more

    Affected Products : w12_firmware w12
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9772

    A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public... Read more

    Affected Products : remote_clinic
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-9773

    A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has b... Read more

    Affected Products : remote_clinic
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.0

    MEDIUM
    CVE-2025-9774

    A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The ... Read more

    Affected Products : remote_clinic
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-48057

    localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.... Read more

    Affected Products : localai
    • Published: Nov. 04, 2024
    • Modified: Sep. 04, 2025
Showing 20 of 293334 Results