Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 8.8

    HIGH
    CVE-2024-43459

    SQL Server Native Client Remote Code Execution Vulnerability...

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 7.5

    HIGH
    CVE-2021-41737

    In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption....

    • Published: Nov. 10, 2024
    • Modified: Nov. 19, 2024
  • 9.1

    CRITICAL
    CVE-2021-35473

    An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use an expired access token from an OIDC client to access the OAuth2 handle...

    • Published: Nov. 10, 2024
    • Modified: Nov. 19, 2024
  • 8.8

    HIGH
    CVE-2024-43462

    SQL Server Native Client Remote Code Execution Vulnerability...

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 7.1

    HIGH
    CVE-2024-51679

    Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS. This issue affects Appointmind: from n/a through 4.0.0....

    Affected Products : appointmind
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-43498

    .NET and Visual Studio Remote Code Execution Vulnerability...

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 7.5

    HIGH
    CVE-2024-43499

    .NET and Visual Studio Denial of Service Vulnerability...

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 8.7

    HIGH
    CVE-2024-39609

    Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access....

    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024
  • 8.7

    HIGH
    CVE-2024-41167

    Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access....

    Affected Products : m10jnp2sb_firmware m10jnp2sb
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024
  • 8.1

    HIGH
    CVE-2024-11208

    A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity o...

    Affected Products : central_authentication_service
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-50636

    PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function...

    • Published: Nov. 11, 2024
    • Modified: Nov. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-11209

    A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotel...

    Affected Products : central_authentication_service
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-10534

    Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. This issue affects Personnel Attendance Control Systems (PACS) / Access Control Sec...

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
  • 8.8

    HIGH
    CVE-2024-48993

    SQL Server Native Client Remote Code Execution Vulnerability...

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 7.6

    HIGH
    CVE-2024-1097

    A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the...

    Affected Products : webcalendar
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
  • 6.1

    MEDIUM
    CVE-2024-1240

    An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, whi...

    Affected Products : pyload
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
  • 9.8

    CRITICAL
    CVE-2024-11237

    A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to s...

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
  • 7.2

    HIGH
    CVE-2024-11211

    A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit h...

    Affected Products : eyoucms
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 6.9

    MEDIUM
    CVE-2024-11238

    A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath l...

    Affected Products : landray_ekp
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291558 Results