Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-45152

    Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45146

    Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicio... Read more

    Affected Products : macos windows dimension
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45150

    Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a m... Read more

    Affected Products : macos windows dimension
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-45145

    Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitatio... Read more

    Affected Products : lightroom
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45136

    InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious f... Read more

    Affected Products : macos windows incopy
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45137

    InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file w... Read more

    Affected Products : macos windows indesign
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 4.9

    MEDIUM
    CVE-2024-21193

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with netw... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 4.4

    MEDIUM
    CVE-2024-21192

    Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker w... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47424

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in ... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47423

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47422

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47421

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47425

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-41128

    Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dis... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-47889

    Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9347

    The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. ... Read more

    Affected Products : wp_extended
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9240

    The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthen... Read more

    Affected Products : redi_restaurant_reservation
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-8719

    The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 5.3

    MEDIUM
    CVE-2023-32266

    Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.   This issue affects Applic... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 291739 Results