Latest CVE Feed
-
6.1
MEDIUM CVE-2024-27626
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.
- Affected Products: dotclear
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
7.5
HIGH CVE-2024-2053
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the Artica-Proxy adm...
- Affected Products: artica_proxy
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICAL CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
- Affected Products: artica_proxy
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICAL CVE-2024-29858
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
- Affected Products: misp
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
7.5
HIGH CVE-2024-29862
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICAL CVE-2024-29864
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.
- Affected Products: distrobox
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
5.3
MEDIUM CVE-2024-26307
Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method. This method runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be mi...
- Affected Products: doris
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICAL CVE-2024-27438
Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for the JDBC catalog are not checked, which may result in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbi...
- Affected Products: doris
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
9.1
CRITICAL CVE-2024-29866
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.
- Affected Products: seq
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICAL CVE-2024-29243
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi.
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
5.3
MEDIUM CVE-2024-29244
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi.
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
8.0
HIGH CVE-2024-2463
Weak password recovery mechanism in CDeX application allows to retrieve password reset token. This issue affects CDeX application versions through 5.7.1.
- Affected Products: cdex
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
6.3
MEDIUM CVE-2024-2464
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1.
- Affected Products: cdex
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
7.1
HIGH CVE-2024-2465
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1.
- Affected Products: cdex
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
6.5
MEDIUM CVE-2023-49837
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed. This issue affects Code Embed: from n/a through 2.3.6.
- Affected Products: code_embed
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
7.2
HIGH CVE-2024-24027
SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists.
- Affected Products: likeshop
- Published: Feb. 27, 2024
- Modified: Jun. 17, 2025
-
5.9
MEDIUM CVE-2024-28756
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.
- Affected Products: mysolaredge
- Published: Mar. 21, 2024
- Modified: Jun. 17, 2025
-
7.5
HIGH CVE-2024-28396
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
- Affected Products: orders_\(csv\,_excel\)_export_pro
- Published: Mar. 20, 2024
- Modified: Jun. 17, 2025
-
8.1
HIGH CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
- Affected Products: financials_by_coda
- Published: Mar. 20, 2024
- Modified: Jun. 17, 2025
-
7.5
HIGH CVE-2023-50967
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
- Published: Mar. 20, 2024
- Modified: Jun. 17, 2025