Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-57556

    Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component... Read more

    Affected Products : store
    • Published: Jan. 23, 2025
    • Modified: Feb. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-57386

    Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.... Read more

    Affected Products : wallos
    • Published: Jan. 23, 2025
    • Modified: Jan. 31, 2025

  • 5.4

    MEDIUM
    CVE-2024-57329

    HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.... Read more

    Affected Products : hortusfox
    • Published: Jan. 23, 2025
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-57328

    A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass au... Read more

    Affected Products : online_food_ordering_system
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025

  • 6.1

    MEDIUM
    CVE-2024-57326

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the s... Read more

    Affected Products : online_pizza_delivery_system
    • Published: Jan. 23, 2025
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-55195

    An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-55194

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.... Read more

    Affected Products : openimageio
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-55193

    OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.... Read more

    Affected Products : openimageio
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-55192

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).... Read more

    Affected Products : openimageio
    • Published: Jan. 23, 2025
    • Modified: Feb. 05, 2025

  • 9.1

    CRITICAL
    CVE-2024-53923

    An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.... Read more

    Affected Products : centreon_web
    • Published: Jan. 23, 2025
    • Modified: Jun. 06, 2025

  • 7.8

    HIGH
    CVE-2024-53588

    A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 24, 2025

  • 5.5

    MEDIUM
    CVE-2024-50665

    gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.... Read more

    Affected Products : gpac
    • Published: Jan. 23, 2025
    • Modified: Feb. 11, 2025

  • 7.8

    HIGH
    CVE-2024-50664

    gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.... Read more

    Affected Products : gpac
    • Published: Jan. 23, 2025
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-46401

    KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.... Read more

    Affected Products : kwhotel
    • Published: Jan. 23, 2025
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-46400

    KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.... Read more

    Affected Products : kwhotel
    • Published: Jan. 23, 2025
    • Modified: Feb. 07, 2025

  • 8.7

    HIGH
    CVE-2025-23012

    Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 03, 2025

  • 8.8

    HIGH
    CVE-2025-23011

    Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthen... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 03, 2025

  • 5.0

    MEDIUM
    CVE-2025-24353

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise t... Read more

    Affected Products : directus
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 3.2

    LOW
    CVE-2025-24034

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access to... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 7.5

    HIGH
    CVE-2025-24033

    @fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.... Read more

    Affected Products : fastify-multipart
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
Showing 20 of 291132 Results