Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-41757

    IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using... Read more

    Affected Products : concert concert_software
    • Published: Jan. 24, 2025
    • Modified: Jul. 18, 2025

  • 5.3

    MEDIUM
    CVE-2024-40706

    IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.... Read more

    • Published: Jan. 24, 2025
    • Modified: Mar. 11, 2025

  • 8.0

    HIGH
    CVE-2024-40693

    IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it ... Read more

    Affected Products : planning_analytics_local
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.8

    HIGH
    CVE-2024-25034

    IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be se... Read more

    Affected Products : planning_analytics_local
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2024-13698

    The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including,... Read more

    Affected Products : jobify
    • Published: Jan. 24, 2025
    • Modified: Feb. 07, 2025

  • 8.5

    HIGH
    CVE-2025-22605

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user ... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.9

    MEDIUM
    CVE-2025-0697

    A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is ... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9499

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Feb. 18, 2025

  • 8.6

    HIGH
    CVE-2024-9498

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Feb. 18, 2025

  • 8.6

    HIGH
    CVE-2024-9497

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9496

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Feb. 18, 2025

  • 8.6

    HIGH
    CVE-2024-9495

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9494

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9493

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9492

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9491

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.6

    HIGH
    CVE-2024-9490

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.5

    MEDIUM
    CVE-2024-57184

    An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.... Read more

    Affected Products : gpac
    • Published: Jan. 24, 2025
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-41739

    IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.... Read more

    • Published: Jan. 24, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-11913

    The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Su... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 04, 2025
Showing 20 of 291128 Results