Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-49775

    A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All version... Read more

    • Published: Dec. 16, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-37251

    Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.... Read more

    Affected Products : advanced_custom_fields
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.2

    HIGH
    CVE-2024-12668

    Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the Win... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.7

    HIGH
    CVE-2024-12092

    A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.7

    HIGH
    CVE-2024-12091

    A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.7

    HIGH
    CVE-2024-12090

    A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.7

    HIGH
    CVE-2024-12089

    A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.3

    HIGH
    CVE-2024-10972

    Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode applicati... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-12478

    A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload.... Read more

    Affected Products : invoiceplane
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.3

    MEDIUM
    CVE-2024-12362

    A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the att... Read more

    Affected Products : invoiceplane
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-54682

    Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-54083

    Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a spec... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 4.8

    MEDIUM
    CVE-2024-48872

    Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.3

    MEDIUM
    CVE-2024-9679

    A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 4.9

    MEDIUM
    CVE-2024-9678

    An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.1

    HIGH
    CVE-2024-12646

    The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticate... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-12645

    The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 7.1

    HIGH
    CVE-2024-12644

    The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.1

    HIGH
    CVE-2024-12643

    The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 8.1

    HIGH
    CVE-2024-12642

    TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthentica... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
Showing 20 of 292727 Results