Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-47595

    An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.... Read more

    Affected Products : host_agent
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 9.0

    HIGH
    CVE-2024-11056

    A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is poss... Read more

    Affected Products : ac10_firmware ac10
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 8.8

    HIGH
    CVE-2024-49039

    Windows Task Scheduler Elevation of Privilege Vulnerability... Read more

    • Actively Exploited
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11055

    A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to s... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-10265

    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1... Read more

    Affected Products : form_maker
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-11097

    A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requir... Read more

    Affected Products : student_record_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-49505

    A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the  REGEX and P parameters. This issue affects MirrorCache b... Read more

    Affected Products : mirrorcache
    • Published: Nov. 13, 2024
    • Modified: Nov. 14, 2024

  • 5.4

    MEDIUM
    CVE-2024-44296

    The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Con... Read more

    • Published: Oct. 28, 2024
    • Modified: Nov. 14, 2024

  • 7.3

    HIGH
    CVE-2024-10958

    The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an acti... Read more

    Affected Products : wp_photo_album_plus
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11099

    A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remote... Read more

    Affected Products : job_recruitment
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47449

    Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu... Read more

    Affected Products : macos windows audition
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-47452

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open ... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-45114

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open ... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-47450

    Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-47451

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open ... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47453

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47454

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47455

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47456

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47457

    Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service c... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
Showing 20 of 291275 Results