Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-24027

    SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function DistributionMemberLogic::getFansLists.... Read more

    Affected Products : likeshop
    • Published: Feb. 27, 2024
    • Modified: Jun. 17, 2025

  • 5.9

    MEDIUM
    CVE-2024-28756

    The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.... Read more

    Affected Products : mysolaredge
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-28396

    An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.... Read more

    Affected Products : orders_\(csv\,_excel\)_export_pro
    • Published: Mar. 20, 2024
    • Modified: Jun. 17, 2025

  • 8.1

    HIGH
    CVE-2024-28735

    Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.... Read more

    Affected Products : financials_by_coda
    • Published: Mar. 20, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-50967

    latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.... Read more

    Affected Products : fedora jose
    • Published: Mar. 20, 2024
    • Modified: Jun. 17, 2025

  • 9.1

    CRITICAL
    CVE-2024-25294

    An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.... Read more

    Affected Products : rebuild
    • Published: Mar. 20, 2024
    • Modified: Jun. 17, 2025

  • 5.9

    MEDIUM
    CVE-2024-24028

    Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.... Read more

    Affected Products : likeshop
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 7.4

    HIGH
    CVE-2025-32914

    A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.... Read more

    • Published: Apr. 14, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-32913

    A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.... Read more

    • Published: Apr. 14, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 9.0

    CRITICAL
    CVE-2025-32911

    A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.... Read more

    • Published: Apr. 15, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-32906

    A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.... Read more

    • Published: Apr. 14, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-32049

    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).... Read more

    • Published: Apr. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2021-23814

    This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web ... Read more

    Affected Products : laravel-filemanager
    • Published: Dec. 17, 2021
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2025-32920

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-47196

    A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated loc... Read more

    Affected Products : modelsim questa
    • Published: Oct. 08, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-45699

    Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.... Read more

    Affected Products : ecu-r_firmware ecu-r
    • Published: Feb. 10, 2023
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-29646

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.... Read more

    Affected Products : radare2
    • Published: Dec. 17, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-35410

    wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-35418

    wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-35419

    wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293544 Results