Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-47458

    Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of servic...

    Affected Products : macos windows bridge
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 7.5

    HIGH
    CVE-2024-7010

    mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password ha...

    Affected Products : localai
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024
  • 5.5

    MEDIUM
    CVE-2024-45147

    Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue ...

    Affected Products : macos windows bridge
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 6.8

    MEDIUM
    CVE-2024-8881

    A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating sy...

    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 4.5

    MEDIUM
    CVE-2024-8882

    A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a ...

    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 5.3

    MEDIUM
    CVE-2024-49394

    In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

    Affected Products : enterprise_linux mutt neomutt
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 5.3

    MEDIUM
    CVE-2024-49395

    In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

    Affected Products : enterprise_linux mutt neomutt
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-10538

    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output e...

    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024
  • 9.8

    CRITICAL
    CVE-2024-11054

    A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload...

    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 7.8

    HIGH
    CVE-2024-50235

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free When we free wdev->cqm_config when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-regi...

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024
  • 7.0

    HIGH
    CVE-2024-50234

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared...

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 14, 2024
  • 6.5

    MEDIUM
    CVE-2024-51576

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZA AMP Img Shortcode allows Stored XSS. This issue affects AMP Img Shortcode: from n/a through 1.0.1.

    Affected Products : amp_img_shortcode
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 6.5

    MEDIUM
    CVE-2024-51578

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luca Paggetti 3D Presentation allows Stored XSS. This issue affects 3D Presentation: from n/a through 1.0.

    Affected Products : 3d_presentation
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 6.5

    MEDIUM
    CVE-2024-51577

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS. This issue affects bpmn.Io: from n/a through 1.0.

    Affected Products : bpmn.io
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 6.5

    MEDIUM
    CVE-2024-51584

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Anas Edreesi Marquee Elementor with Posts allows DOM-Based XSS. This issue affects Marquee Elementor with Posts: from n/a through 1.2.0.

    Affected Products : marquee_elementor_with_posts
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 6.5

    MEDIUM
    CVE-2024-51583

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KentoThemes Kento Ads Rotator allows Stored XSS. This issue affects Kento Ads Rotator: from n/a through 1.3.

    Affected Products : kento_ads_rotator
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 5.5

    MEDIUM
    CVE-2024-44197

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to cause a denial-of-service.

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Nov. 14, 2024
  • 7.5

    HIGH
    CVE-2024-44196

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system.

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Nov. 14, 2024
  • 7.8

    HIGH
    CVE-2024-46951

    An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
  • 8.4

    HIGH
    CVE-2024-46952

    An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

    Affected Products : debian_linux ghostscript
    • Published: Nov. 10, 2024
    • Modified: Nov. 14, 2024
Showing 20 of 291368 Results