Latest CVE Feed
- 8.6 HIGH CVE-2024-11858
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintende...
- Affected Products: radare2
- Published: Dec. 15, 2024
- Modified: Aug. 05, 2025
- 7.5 HIGH CVE-2024-7701
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0.
- Affected Products: toolkit
- Published: Dec. 15, 2024
- Modified: Aug. 05, 2025
- 3.5 LOW CVE-2024-56082
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true.
- Published: Dec. 15, 2024
- Modified: Dec. 16, 2024
- 5.5 MEDIUM CVE-2024-56074
gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.
- Published: Dec. 15, 2024
- Modified: Dec. 16, 2024
- 9.1 CRITICAL CVE-2024-55969
DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.
- Published: Dec. 15, 2024
- Modified: Dec. 16, 2024
- 7.5 HIGH CVE-2024-56073
An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).
- Affected Products: fastnetmon
- Published: Dec. 15, 2024
- Modified: Jun. 20, 2025
- 7.5 HIGH CVE-2024-56072
An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.
- Affected Products: fastnetmon
- Published: Dec. 15, 2024
- Modified: Jun. 20, 2025
- 7.5 HIGH CVE-2024-55970
File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734.
- Published: Dec. 15, 2024
- Modified: Dec. 16, 2024
- 7.5 HIGH CVE-2024-31892
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
- Published: Dec. 14, 2024
- Modified: Jul. 25, 2025
- 7.8 HIGH CVE-2024-31891
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host oper...
- Published: Dec. 14, 2024
- Modified: Jul. 25, 2025
- 8.1 HIGH CVE-2024-11721
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This ma...
- Affected Products: frontend_admin
- Published: Dec. 14, 2024
- Modified: Jun. 05, 2025
- 7.2 HIGH CVE-2024-11720
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This ...
- Affected Products: frontend_admin
- Published: Dec. 14, 2024
- Modified: Jun. 05, 2025
- 4.4 MEDIUM CVE-2024-12628
The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for auth...
- Published: Dec. 14, 2024
- Modified: Dec. 14, 2024
- 6.4 MEDIUM CVE-2024-12446
The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attribut...
- Published: Dec. 14, 2024
- Modified: Dec. 14, 2024
- 9.8 CRITICAL CVE-2024-11715
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. Th...
- Affected Products: wp_job_portal
- Published: Dec. 14, 2024
- Modified: Feb. 06, 2025
- 4.9 MEDIUM CVE-2024-11714
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to ...
- Affected Products: wp_job_portal
- Published: Dec. 14, 2024
- Modified: Feb. 06, 2025
- 4.9 MEDIUM CVE-2024-11713
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to ...
- Affected Products: wp_job_portal
- Published: Dec. 14, 2024
- Modified: Feb. 06, 2025
- 5.3 MEDIUM CVE-2024-11712
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and i...
- Affected Products: wp_job_portal
- Published: Dec. 14, 2024
- Modified: Feb. 05, 2025
- 7.5 HIGH CVE-2024-11711
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user suppli...
- Affected Products: wp_job_portal
- Published: Dec. 14, 2024
- Modified: Feb. 05, 2025
- 4.9 MEDIUM CVE-2024-11710
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient ...
- Affected Products: wp_job_portal
- Published: Dec. 14, 2024
- Modified: Feb. 05, 2025