Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-25450

    imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts()....

    Affected Products : imlib2
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-25318

    Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2....

    Affected Products : hotel_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025
  • 6.1

    MEDIUM
    CVE-2024-24034

    Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, which allows remote attackers to execute arbitrary code....

    Affected Products : s.i.l
    • Published: Feb. 08, 2024
    • Modified: Jun. 16, 2025
  • 7.8

    HIGH
    CVE-2024-22749

    GPAC v2.3 was detected to contain a buffer overflow via the gf_isom_new_generic_sample_description function in isomedia/isom_write.c:4577...

    Affected Products : gpac
    • Published: Jan. 25, 2024
    • Modified: Jun. 16, 2025
  • 7.8

    HIGH
    CVE-2024-22562

    swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c....

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2024-22050

    Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. ...

    Affected Products : iodine
    • Published: Jan. 04, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2024-21833

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi....

    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2024-21780

    Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported....

    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025
  • 4.3

    MEDIUM
    CVE-2024-0811

    Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)...

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51984

    D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell....

    Affected Products : dir-822_firmware dir-822
    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51968

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo....

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51960

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv....

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025
  • 8.8

    HIGH
    CVE-2023-51939

    An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function....

    Affected Products : relic
    • Published: Feb. 01, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51928

    An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51927

    YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method....

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51924

    An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51889

    Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL....

    Affected Products : mathtex
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025
  • 7.5

    HIGH
    CVE-2023-51838

    Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm....

    Affected Products : meshcentral
    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025
  • 7.3

    HIGH
    CVE-2023-51751

    ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode....

    Affected Products : windows scalefusion
    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-51717

    Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass....

    Affected Products : data_science_studio
    • Published: Jan. 09, 2024
    • Modified: Jun. 16, 2025