Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-56211

    Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9.... Read more

    Affected Products : userpro
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 5.2

    MEDIUM
    CVE-2024-49422

    Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 6.9

    MEDIUM
    CVE-2024-13067

    A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access contr... Read more

    Affected Products : online_food_ordering_system
    • Published: Dec. 31, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-11972

    The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including ... Read more

    Affected Products : hunk_companion
    • Published: Dec. 31, 2024
    • Modified: May. 17, 2025

  • 7.6

    HIGH
    CVE-2024-45497

    A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for ... Read more

    • Published: Dec. 31, 2024
    • Modified: Jul. 17, 2025

  • 8.8

    HIGH
    CVE-2024-13040

    The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account in... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-12839

    The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 8.8

    HIGH
    CVE-2024-12838

    The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including admini... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 4.8

    MEDIUM
    CVE-2024-13058

    An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron Hy... Read more

    Affected Products : hypercloud
    • Published: Dec. 30, 2024
    • Modified: Aug. 29, 2025

  • 7.8

    HIGH
    CVE-2024-13051

    Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required ... Read more

    Affected Products : graphite
    • Published: Dec. 30, 2024
    • Modified: Jan. 03, 2025

  • 7.8

    HIGH
    CVE-2024-13050

    Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required ... Read more

    Affected Products : graphite
    • Published: Dec. 30, 2024
    • Modified: Jan. 03, 2025

  • 7.8

    HIGH
    CVE-2024-13049

    Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this v... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-13048

    Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit t... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-13047

    Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this v... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-13046

    Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit t... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 15, 2025

  • 7.8

    HIGH
    CVE-2024-13045

    Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to e... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-13044

    Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit t... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-13043

    Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privil... Read more

    Affected Products : panda_dome panda_dome
    • Published: Dec. 30, 2024
    • Modified: Jan. 03, 2025

  • 5.3

    MEDIUM
    CVE-2024-13042

    A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew/Subject/download.html. The manipulation of the argument... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Jan. 04, 2025

  • 7.3

    HIGH
    CVE-2024-12753

    Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged c... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 293612 Results