Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-56198

    path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-53647

    Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.... Read more

    Affected Products : idsecurity
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 7.8

    HIGH
    CVE-2024-52050

    A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target... Read more

    Affected Products : apexone_op apexone_saas
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 7.8

    HIGH
    CVE-2024-52049

    A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048. Please note: an attacker must first o... Read more

    Affected Products : apexone_op apexone_saas
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 7.8

    HIGH
    CVE-2024-52048

    A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049. Please note: an attacker must first o... Read more

    Affected Products : apexone_op apexone_saas
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-52047

    A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s... Read more

    Affected Products : apex_one
    • Published: Dec. 31, 2024
    • Modified: Jul. 29, 2025

  • 8.8

    HIGH
    CVE-2024-25133

    A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-13072

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-customer-services.php of the component Customer Detail Handler. The... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025

  • 8.8

    HIGH
    CVE-2024-13070

    A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of... Read more

    Affected Products : online_food_ordering_system
    • Published: Dec. 31, 2024
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2023-6603

    A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Aug. 21, 2025

  • 5.3

    MEDIUM
    CVE-2023-6602

    A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-56207

    Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce – eBook Sales with DRM allows Privilege Escalation.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through 3.4.2.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-56206

    Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through 3.4.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-56204

    Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Sinking Dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through 1.25.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-56203

    Cross-Site Request Forgery (CSRF) vulnerability in George Holmes II Wayne Audio Player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 7.4

    HIGH
    CVE-2024-56070

    Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-56066

    Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-56061

    Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119.... Read more

    Affected Products : computer_repair_shop
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.3

    CRITICAL
    CVE-2024-56045

    Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.... Read more

    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-56044

    Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9.... Read more

    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
Showing 20 of 293607 Results