Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-34014

    Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Feb. 27, 2025

  • 5.5

    MEDIUM
    CVE-2024-43086

    In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-32485

    Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : virtual_raid_on_cpu
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-52613

    A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2023-20039

    A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vu... Read more

    Affected Products : industrial_network_director
    • Published: Nov. 15, 2024
    • Modified: Aug. 11, 2025

  • 5.5

    MEDIUM
    CVE-2024-51764

    A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-11404

    Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This ... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-9441

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 03, 2024
    • Modified: Dec. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-9978

    in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.... Read more

    Affected Products : openharmony
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-11093

    The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level ac... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2018-9408

    In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-52833

    Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of... Read more

    Affected Products : substance_3d_modeler
    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-53004

    Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : substance_3d_modeler
    • Published: Dec. 10, 2024
    • Modified: Dec. 12, 2024

  • 5.5

    MEDIUM
    CVE-2023-23356

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed t... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-47156

    Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.... Read more

    Affected Products : magicos
    • Published: Dec. 26, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-47154

    Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.... Read more

    Affected Products : magic_os magicos
    • Published: Dec. 26, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-47150

    Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.... Read more

    Affected Products : magic_os magicos
    • Published: Dec. 26, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-31913

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jan. 06, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-21615

    AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-49412

    Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.... Read more

    Affected Products : android
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
Showing 20 of 294755 Results