Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-22526

    Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file....

    Affected Products : bandiview
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 7.1

    HIGH
    CVE-2024-23576

    Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. ...

    Affected Products : hcl_commerce
    • Published: May. 14, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2020-8006

    The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of co...

    Affected Products : raption_server
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 7.8

    HIGH
    CVE-2024-25545

    An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component....

    Affected Products : weave_desktop
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-28718

    An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component....

    Affected Products : magnum
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-31818

    Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component....

    Affected Products : derbynet
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-30845

    Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters....

    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 4.8

    MEDIUM
    CVE-2024-31839

    Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component....

    Affected Products : chaos
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2024-31391

    Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authe...

    Affected Products : solr_operator
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 4.4

    MEDIUM
    CVE-2023-6494

    The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

    • Published: Apr. 13, 2024
    • Modified: Jun. 17, 2025
  • 8.6

    HIGH
    CVE-2024-32487

    less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted...

    • Published: Apr. 13, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-3701

    The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services....

    Affected Products : hios
    • Published: Apr. 15, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-29500

    An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance....

    Affected Products : secure_lockdown
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2024-29502

    An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths....

    Affected Products : secure_lockdown
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-31819

    An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component....

    Affected Products : avideo
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2024-26362

    HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note....

    Affected Products : linux_kernel windows password_manager
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 7.6

    HIGH
    CVE-2024-29504

    Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter....

    Affected Products : summernote
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-27683

    D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerability....

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Apr. 11, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-29937

    NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption....

    Affected Products : freebsd openbsd openbsd
    • Published: Apr. 11, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2024-3652

    The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2...

    Affected Products : libreswan
    • Published: Apr. 11, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293544 Results