Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2024-31580

    PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : pytorch
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2024-35618

    PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer.... Read more

    Affected Products : tidb
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-35373

    Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.... Read more

    Affected Products : mocodo_online
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-35374

    Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain ... Read more

    Affected Products : mocodo_online
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025

  • 6.3

    MEDIUM
    CVE-2024-34852

    F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name ... Read more

    Affected Products : datacube3_firmware datacube3
    • Published: May. 28, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-34854

    F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`... Read more

    Affected Products : datacube3_firmware datacube3
    • Published: May. 28, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2023-36235

    An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.... Read more

    Affected Products : qloapps
    • Published: Jan. 17, 2024
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2023-30305

    An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service.... Read more

    Affected Products : e5600_firmware e5600
    • Published: May. 28, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-28390

    An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.... Read more

    Affected Products : ultimateimagetool image_toolbox\
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2024-26529

    An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.... Read more

    Affected Products : libiec61850
    • Published: Mar. 13, 2024
    • Modified: Jun. 10, 2025

  • 7.5

    HIGH
    CVE-2024-8474

    OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic... Read more

    Affected Products : connect
    • Published: Jan. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-5594

    OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.... Read more

    Affected Products : openvpn
    • Published: Jan. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-28882

    OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session... Read more

    Affected Products : openvpn
    • Published: Jul. 08, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-28391

    SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, get... Read more

    Affected Products : prestashop b2b_quick_order_form
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 7.8

    HIGH
    CVE-2025-32454

    A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All ... Read more

    • Published: May. 13, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-30280

    A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-23363

    A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V... Read more

    Affected Products : teamcenter
    • Published: Feb. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-56182

    A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29... Read more

    • Published: Mar. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2024-56181

    A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2024-34347

    @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javas... Read more

    Affected Products : hoppscotch
    • Published: May. 08, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293360 Results