Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-24200

    An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may h... Read more

    Affected Products : iphone_os ipados
    • Actively Exploited
    • Published: Feb. 10, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-1153

    A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The comple... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-8550

    A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipul... Read more

    Affected Products : agentscope
    • Published: Feb. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-54658

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.... Read more

    • Published: Feb. 10, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-46437

    A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded adm... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2024-46436

    Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2024-46435

    A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation ... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-46434

    Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-46433

    A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-46432

    Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative ... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2024-46431

    Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-46430

    Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST reque... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-46429

    A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.... Read more

    Affected Products : w18e_firmware w18e
    • Published: Feb. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-42513

    Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.... Read more

    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2024-42512

    Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.... Read more

    Affected Products : simatic_energy_manager_pro
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-27859

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Feb. 10, 2025
    • Modified: Mar. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-13059

    A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in rem... Read more

    Affected Products : anythingllm
    • Published: Feb. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-13011

    The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated atta... Read more

    Affected Products : foodbakery
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-13010

    The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthentica... Read more

    Affected Products : foodbakery
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-10649

    wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, sto... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291638 Results