Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-13044

    Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit t... Read more

    Affected Products : cobalt
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-13043

    Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privil... Read more

    Affected Products : panda_dome panda_dome
    • Published: Dec. 30, 2024
    • Modified: Jan. 03, 2025

  • 5.3

    MEDIUM
    CVE-2024-13042

    A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew/Subject/download.html. The manipulation of the argument... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Jan. 04, 2025

  • 7.3

    HIGH
    CVE-2024-12753

    Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged c... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12752

    Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-12751

    Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerabilit... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Dec. 30, 2024
    • Modified: Aug. 08, 2025

  • 6.5

    MEDIUM
    CVE-2024-11946

    iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS de... Read more

    Affected Products : truenas_firmware truenas
    • Published: Dec. 30, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2024-11944

    iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not... Read more

    Affected Products : truenas_firmware truenas
    • Published: Dec. 30, 2024
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-56801

    Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability.... Read more

    Affected Products : tasklists
    • Published: Dec. 30, 2024
    • Modified: Feb. 07, 2025

  • 7.4

    HIGH
    CVE-2024-56800

    Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 10.0

    CRITICAL
    CVE-2024-56799

    Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has ... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-46542

    Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.... Read more

    Affected Products : data_insight
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.9

    HIGH
    CVE-2024-56734

    Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites... Read more

    Affected Products : better_auth
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 5.7

    MEDIUM
    CVE-2024-56733

    Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing sess... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 5.3

    MEDIUM
    CVE-2024-56517

    LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the `Referer` HTTP header. The vulnerability allows attackers to inject arbitrar... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 6.9

    MEDIUM
    CVE-2024-56516

    free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographica... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-52294

    Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by si... Read more

    Affected Products : khoj
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.8

    HIGH
    CVE-2024-12836

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-12835

    Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is requ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-12834

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025
Showing 20 of 293616 Results