Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-56430

    OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp.... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-56431

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.... Read more

    Affected Products : libtheora theora
    • Published: Dec. 25, 2024
    • Modified: Apr. 25, 2025

  • 6.5

    MEDIUM
    CVE-2024-52543

    Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : nativeedge_orchestrator
    • Published: Dec. 25, 2024
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-52534

    Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.... Read more

    Affected Products : elastic_cloud_storage
    • Published: Dec. 25, 2024
    • Modified: Jan. 21, 2025

  • 7.5

    HIGH
    CVE-2024-53291

    Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : nativeedge_orchestrator
    • Published: Dec. 25, 2024
    • Modified: Jan. 29, 2025

  • 5.5

    MEDIUM
    CVE-2024-52906

    IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.... Read more

    Affected Products : aix vios
    • Published: Dec. 25, 2024
    • Modified: Jul. 25, 2025

  • 8.8

    HIGH
    CVE-2024-52535

    Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user co... Read more

    • Published: Dec. 25, 2024
    • Modified: Jan. 29, 2025

  • 7.8

    HIGH
    CVE-2024-47978

    Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more

    Affected Products : nativeedge_orchestrator
    • Published: Dec. 25, 2024
    • Modified: Jan. 29, 2025

  • 5.5

    MEDIUM
    CVE-2024-47102

    IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.... Read more

    Affected Products : aix vios
    • Published: Dec. 25, 2024
    • Modified: Jul. 25, 2025

  • 3.7

    LOW
    CVE-2023-5117

    An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the ... Read more

    Affected Products : gitlab
    • Published: Dec. 25, 2024
    • Modified: Jul. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-39727

    IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions... Read more

    • Published: Dec. 25, 2024
    • Modified: Jan. 10, 2025

  • 5.3

    MEDIUM
    CVE-2024-39725

    IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attac... Read more

    • Published: Dec. 25, 2024
    • Modified: Jan. 10, 2025

  • 9.9

    CRITICAL
    CVE-2024-8950

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automation: before 27.09.2024.... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 10.0

    CRITICAL
    CVE-2024-52046

    The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process ... Read more

    Affected Products : mina
    • Published: Dec. 25, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-12335

    The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts ca... Read more

    Affected Products : avada avada_builder
    • Published: Dec. 25, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-11281

    The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for ... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 4.9

    MEDIUM
    CVE-2024-10862

    The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parame... Read more

    Affected Products : nex-forms
    • Published: Dec. 25, 2024
    • Modified: Jan. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-10858

    The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.... Read more

    Affected Products : jetpack
    • Published: Dec. 25, 2024
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-12636

    The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 7.5

    HIGH
    CVE-2024-12428

    The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied pa... Read more

    Affected Products :
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024
Showing 20 of 293436 Results