Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-44068

    An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation....

    • Published: Oct. 07, 2024
    • Modified: Jun. 17, 2025
  • 4.8

    MEDIUM
    CVE-2025-43200

    This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, ma...

    Affected Products : macos iphone_os watchos ipados visionos
    • Actively Exploited
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2024-46292

    A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation in...

    Affected Products : modsecurity modsecurity
    • Published: Oct. 09, 2024
    • Modified: Jun. 17, 2025
  • 6.2

    MEDIUM
    CVE-2024-45184

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due...

    • Published: Oct. 11, 2024
    • Modified: Jun. 17, 2025
  • 7.2

    HIGH
    CVE-2024-48700

    Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component....

    Affected Products : kliqqi_cms
    • Published: Oct. 25, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-48112

    A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code....

    Affected Products : thinkphp
    • Published: Oct. 30, 2024
    • Modified: Jun. 17, 2025
  • 8.6

    HIGH
    CVE-2024-34402

    An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow....

    Affected Products : fedora uriparser
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 5.9

    MEDIUM
    CVE-2024-34403

    An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string....

    Affected Products : fedora uriparser
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2024-23686

    DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. ...

    Affected Products : dependency-check
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-23055

    An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers....

    Affected Products : plone_docker_official_image
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025
  • 7.8

    HIGH
    CVE-2024-22912

    A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution....

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2024-22567

    File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do....

    Affected Products : mcms
    • Published: Feb. 05, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-1283

    Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora chrome edge_chromium
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2023-7074

    The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack....

    Affected Products : wp_social_bookmark_menu
    • Published: Jan. 29, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-6161

    The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_crowdfunding
    • Published: Jan. 08, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2023-5041

    The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attac...

    Affected Products : track_the_click
    • Published: Jan. 17, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-52032

    TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function....

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2023-51282

    An issue in mingSoft MCMS v.5.2.4 allows a remote attacker to obtain sensitive information via a crafted script to the password parameter....

    Affected Products : mcms
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-46953

    SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module....

    Affected Products : abo.cms
    • Published: Jan. 06, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-44077

    Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636....

    Affected Products : macos sharebrowser
    • Published: Jan. 17, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293510 Results