Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-52294

    Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by si... Read more

    Affected Products : khoj
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.8

    HIGH
    CVE-2024-12836

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-12835

    Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is requ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-12834

    Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required ... Read more

    Affected Products : drasimucad
    • Published: Dec. 30, 2024
    • Modified: Jul. 11, 2025

  • 9.9

    CRITICAL
    CVE-2024-12828

    Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exist... Read more

    Affected Products : webmin
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2024-12754

    AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the ... Read more

    Affected Products : anydesk
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-50703

    TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.... Read more

    Affected Products : teampass
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 5.4

    MEDIUM
    CVE-2024-50702

    TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.... Read more

    Affected Products : teampass
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-50701

    TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.... Read more

    Affected Products : teampass
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.2

    HIGH
    CVE-2024-54181

    IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.... Read more

    Affected Products : linux_kernel websphere_automation
    • Published: Dec. 30, 2024
    • Modified: Mar. 28, 2025

  • 9.3

    CRITICAL
    CVE-2024-10044

    A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to explo... Read more

    Affected Products : fastchat
    • Published: Dec. 30, 2024
    • Modified: Jul. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-12993

    Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges.  After multiple attempts to contact the v... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-47926

    Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Read more

    Affected Products : tcexam
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.5

    HIGH
    CVE-2024-47925

    Tecnick TCExam – Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : tcexam
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.5

    HIGH
    CVE-2024-47924

    Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 5.3

    MEDIUM
    CVE-2024-47923

    Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : mashov
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.5

    HIGH
    CVE-2024-47922

    Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 8.4

    HIGH
    CVE-2024-47921

    Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 7.5

    HIGH
    CVE-2024-47920

    Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-47919

    Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Read more

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
Showing 20 of 293620 Results