Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-41069

    This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-40830

    Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Oct. 03, 2023
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2023-33760

    SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.... Read more

    Affected Products : maximiser_soft_pbx
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-33295

    Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation.... Read more

    Affected Products : cohesity_dataplatform
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025

  • 6.3

    MEDIUM
    CVE-2024-33121

    Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.... Read more

    Affected Products : roothub
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 6.3

    MEDIUM
    CVE-2024-46540

    A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privilege... Read more

    Affected Products : emlog_pro emlog
    • Published: Sep. 30, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-47913

    An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view t... Read more

    Affected Products : mediawiki abusefilter
    • Published: Oct. 04, 2024
    • Modified: Jun. 17, 2025

  • 8.1

    HIGH
    CVE-2024-44068

    An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Oct. 07, 2024
    • Modified: Jun. 17, 2025

  • 4.8

    MEDIUM
    CVE-2025-43200

    This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, ma... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Actively Exploited
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-46292

    A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation in... Read more

    Affected Products : modsecurity modsecurity
    • Published: Oct. 09, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-45184

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due... Read more

    • Published: Oct. 11, 2024
    • Modified: Jun. 17, 2025

  • 7.2

    HIGH
    CVE-2024-48700

    Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.... Read more

    Affected Products : kliqqi_cms
    • Published: Oct. 25, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-48112

    A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.... Read more

    Affected Products : thinkphp
    • Published: Oct. 30, 2024
    • Modified: Jun. 17, 2025

  • 8.6

    HIGH
    CVE-2024-34402

    An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.... Read more

    Affected Products : fedora uriparser
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 5.9

    MEDIUM
    CVE-2024-34403

    An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.... Read more

    Affected Products : fedora uriparser
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-23686

    DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. ... Read more

    Affected Products : dependency-check
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-23055

    An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.... Read more

    Affected Products : plone_docker_official_image
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2024-22912

    A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.... Read more

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2024-22567

    File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.... Read more

    Affected Products : mcms
    • Published: Feb. 05, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-1283

    Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293517 Results