Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    CVSS31
    CVE-2024-54538

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may ... Read more

    Affected Products : macos iphone_os tvos watchos visionos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 9.1

    CVSS31
    CVE-2024-54150

    cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate b... Read more

    Affected Products : cjwt
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 0.0

    NONE
    CVE-2024-12672

    A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code... Read more

    Affected Products : arena
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 8.6

    CVSS31
    CVE-2022-32144

    There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 3.3

    CVSS31
    CVE-2020-9250

    There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more

    Affected Products : mate_20_pro_firmware
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.7

    CVSS31
    CVE-2024-8968

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-44298

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-44293

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-44292

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-44231

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-44211

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-44195

    A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-21549

    Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arb... Read more

    Affected Products : browsershot
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.8

    CVSS31
    CVE-2024-12677

    Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.4

    CVSS31
    CVE-2024-11108

    The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.8

    CVSS31
    CVE-2024-10706

    The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : wordpress_download_manager
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.8

    CVSS31
    CVE-2024-10555

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.8

    CVSS31
    CVE-2024-7726

    There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 0.0

    NONE
    CVE-2024-56337

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomp... Read more

    Affected Products : tomcat
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.0

    CVSS31
    CVE-2024-12840

    A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
Showing 20 of 146 Results
© cvefeed.io
Latest DB Update: Dec. 21, 2024 18:35