Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-10926

    A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross ... Read more

    Affected Products : ibwebadmin
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-51988

    RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some per... Read more

    Affected Products : rabbitmq_server
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-50341

    symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-50345

    symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can tr... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 9.3

    CRITICAL
    CVE-2024-51990

    jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable t... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.3

    HIGH
    CVE-2024-50340

    symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able ... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-50343

    symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of ve... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-50342

    symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host res... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 2.2

    LOW
    CVE-2024-51755

    Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the sec... Read more

    Affected Products : twig
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2023-1973

    A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.... Read more

    Affected Products : undertow
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.7

    HIGH
    CVE-2024-10975

    Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed... Read more

    Affected Products : nomad
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.8

    HIGH
    CVE-2024-50591

    An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by comm... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-10621

    The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplie... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 6.0

    MEDIUM
    CVE-2024-10824

    An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 8.6

    HIGH
    CVE-2024-51998

    changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-36063

    The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivi... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-51987

    Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 0.0

    NA
    CVE-2024-50199

    In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 6.2

    MEDIUM
    CVE-2019-20472

    An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for a... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 8.1

    HIGH
    CVE-2024-46961

    The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component.... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 291216 Results