Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-57079

    A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57078

    A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2024-57077

    The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, ca...

    Affected Products : utils-extend
    • Published: Feb. 05, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2024-57076

    A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57075

    A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57074

    A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57072

    A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57071

    A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57069

    A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57068

    A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57067

    A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57066

    A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57065

    A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57064

    A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. NOTE: the Supplier disputes this because they found that the lib.setValue functi...

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-57063

    A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service
  • 5.4

    MEDIUM
    CVE-2024-54853

    A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspect...

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.8

    HIGH
    CVE-2024-48394

    A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Race Condition
  • 9.8

    CRITICAL
    CVE-2020-36084

    SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field....

    Affected Products : responsive_e-learning_system
    • Published: Feb. 05, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2025-24805

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materia...

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization
  • 4.8

    MEDIUM
    CVE-2025-24804

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric c...

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291531 Results