Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-32049

    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).... Read more

    • Published: Apr. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2021-23814

    This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web ... Read more

    Affected Products : laravel-filemanager
    • Published: Dec. 17, 2021
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2025-32920

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0.... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-47196

    A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated loc... Read more

    Affected Products : modelsim questa
    • Published: Oct. 08, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-45699

    Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.... Read more

    Affected Products : ecu-r_firmware ecu-r
    • Published: Feb. 10, 2023
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-29646

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.... Read more

    Affected Products : radare2
    • Published: Dec. 17, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-35410

    wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-35418

    wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-35419

    wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-35420

    wac commit 385e1 was discovered to contain a heap overflow.... Read more

    Affected Products : wac
    • Published: Nov. 08, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-52533

    gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.... Read more

    • Published: Nov. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-50648

    yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.... Read more

    Affected Products : yshopmall
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-50649

    The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.... Read more

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 8.4

    HIGH
    CVE-2025-3464

    A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advis... Read more

    Affected Products : armoury_crate
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2024-50650

    python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.... Read more

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2024-51141

    An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.... Read more

    Affected Products : a6000ub_firmware a6000ub
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-50848

    An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.... Read more

    Affected Products : worldserver
    • Published: Nov. 18, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2025-3902

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.... Read more

    Affected Products : block_class
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-33781

    MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-33782

    MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025
Showing 20 of 293548 Results