Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52533

    gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.... Read more

    • Published: Nov. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-50648

    yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.... Read more

    Affected Products : yshopmall
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-50649

    The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.... Read more

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 8.4

    HIGH
    CVE-2025-3464

    A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advis... Read more

    Affected Products : armoury_crate
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2024-50650

    python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.... Read more

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2024-51141

    An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.... Read more

    Affected Products : a6000ub_firmware a6000ub
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-50848

    An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.... Read more

    Affected Products : worldserver
    • Published: Nov. 18, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2025-3902

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.... Read more

    Affected Products : block_class
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-33781

    MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-33782

    MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2024-33783

    MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2024-33780

    MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-38875

    An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.3

    MEDIUM
    CVE-2024-39329

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusabl... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 4.3

    MEDIUM
    CVE-2024-39330

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, pote... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-39614

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2025-30321

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in ... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-43558

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43589

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43590

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293508 Results