Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-3130

    Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app ... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-3088

    A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument u... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 30, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-3052

    Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.... Read more

    Affected Products : z\/ip_gateway_sdk
    • Published: Apr. 26, 2024
    • Modified: Aug. 27, 2025

  • 3.3

    LOW
    CVE-2024-39286

    Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-37471

    Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8.... Read more

    Affected Products : woffice
    • Published: Jul. 04, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37006

    A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execut... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37005

    A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of ... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37004

    A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37003

    A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, ... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-37002

    A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37001

    A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in t... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37000

    A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution i... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-36999

    A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the contex... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-36248

    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Aug. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-35244

    There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected prod... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Aug. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-34064

    Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a sep... Read more

    Affected Products : jinja
    • Published: May. 06, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-33647

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed pr... Read more

    Affected Products : polarion_alm
    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-33631

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Aug. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-33542

    Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.... Read more

    Affected Products : crelly_slider
    • Published: Apr. 29, 2024
    • Modified: Aug. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-32085

    Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0.... Read more

    Affected Products : citadela_listing
    • Published: Apr. 15, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 292238 Results