Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-9679

    A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 4.9

    MEDIUM
    CVE-2024-9678

    An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 8.1

    HIGH
    CVE-2024-12646

    The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticate...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 6.5

    MEDIUM
    CVE-2024-12645

    The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 7.1

    HIGH
    CVE-2024-12644

    The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 8.1

    HIGH
    CVE-2024-12643

    The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 8.1

    HIGH
    CVE-2024-12642

    TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthentica...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 9.6

    CRITICAL
    CVE-2024-12641

    TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, una...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 5.3

    MEDIUM
    CVE-2024-5333

    The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

    Affected Products : the_events_calendar
    • Published: Dec. 16, 2024
    • Modified: May. 14, 2025
  • 6.1

    MEDIUM
    CVE-2024-56112

    CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.

    Affected Products : cyberpanel
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025
  • 5.9

    MEDIUM
    CVE-2024-56087

    An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

    Affected Products : siem
    • Published: Dec. 16, 2024
    • Modified: Apr. 17, 2025
  • 7.1

    HIGH
    CVE-2024-56086

    An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.

    Affected Products : siem
    • Published: Dec. 16, 2024
    • Modified: Apr. 17, 2025
  • 5.9

    MEDIUM
    CVE-2024-56085

    An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

    Affected Products : siem
    • Published: Dec. 16, 2024
    • Modified: Apr. 17, 2025
  • 7.1

    HIGH
    CVE-2024-56084

    An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.

    Affected Products : universal_normalizer
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-11841

    The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to p...

    Affected Products : tithe.ly_giving_button
    • Published: Dec. 16, 2024
    • Modified: May. 17, 2025
  • 5.3

    MEDIUM
    CVE-2024-8650

    An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests.

    Affected Products : gitlab
    • Published: Dec. 16, 2024
    • Modified: Jul. 11, 2025
  • 5.3

    MEDIUM
    CVE-2024-8116

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.

    Affected Products : gitlab
    • Published: Dec. 16, 2024
    • Modified: Jul. 11, 2025
  • 8.8

    HIGH
    CVE-2024-53376

    CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.

    Affected Products : cyberpanel
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025
  • 8.1

    HIGH
    CVE-2024-56083

    Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL...

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 7.5

    HIGH
    CVE-2024-8798

    No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.

    Affected Products : zephyr
    • Published: Dec. 16, 2024
    • Modified: Feb. 03, 2025
Showing 20 of 292714 Results