Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-47445

    After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : macos windows after_effects
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47444

    After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : macos windows after_effects
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47446

    After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : macos windows after_effects
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-47443

    After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ... Read more

    Affected Products : macos windows after_effects
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-47442

    After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ... Read more

    Affected Products : macos windows after_effects
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.8

    HIGH
    CVE-2024-47441

    After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ... Read more

    Affected Products : macos windows after_effects
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 7.1

    HIGH
    CVE-2024-29211

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11074

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack ... Read more

    Affected Products : tailoring_management_system
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-11077

    A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack r... Read more

    Affected Products : job_recruitment
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 8.5

    HIGH
    CVE-2024-51843

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through 1.3.... Read more

    Affected Products : horsemanager
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-5982

    A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the lo... Read more

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024

  • 2.7

    LOW
    CVE-2024-10672

    The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it po... Read more

    Affected Products : multiple_page_generator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 8.5

    HIGH
    CVE-2024-51837

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection.This issue affects WP Contest: from n/a through 1.0.0.... Read more

    Affected Products : wp-contest
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-50259

    In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 7.6

    HIGH
    CVE-2024-47782

    WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or desc... Read more

    Affected Products : wikidiscover
    • Published: Oct. 07, 2024
    • Modified: Nov. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-47781

    CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If... Read more

    Affected Products : createwiki
    • Published: Oct. 07, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-50256

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-50255

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-50254

    In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whether the bits are dynamically allocated. However, the check... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-50253

    In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits (e.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024
Showing 20 of 291394 Results