Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-36558

    Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cryptography

  • 6.6

    MEDIUM
    CVE-2024-36557

    The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-36556

    Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-36555

    Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allows malicious users to change the device IMEI-... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-36554

    Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the dev... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2024-36553

    Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025

  • 4.0

    MEDIUM
    CVE-2025-22866

    Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage i... Read more

    Affected Products : go
    • Published: Feb. 06, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-1078

    A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component ... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2024-57599

    Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php... Read more

    Affected Products : douphp
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-57430

    An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privile... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 06, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-57429

    A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 06, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.3

    CRITICAL
    CVE-2024-57428

    A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject ... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 06, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-57427

    PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 06, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2024-43779

    An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2024-39272

    A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger ... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-39033

    In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-13614

    Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kas... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-40916

    Tiny File Manager v2.4.7 and below is vulnerable to session fixation.... Read more

    Affected Products : tiny_file_manager
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2022-40490

    Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.... Read more

    Affected Products : tiny_file_manager
    • Published: Feb. 06, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-0994

    Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s... Read more

    Affected Products : cityworks
    • Actively Exploited
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291608 Results