Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11015

    The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access tok... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 8.1

    HIGH
    CVE-2024-10111

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This mak... Read more

    Affected Products : oauth_single_sign_on
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-55660

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allo... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 8.7

    HIGH
    CVE-2024-55659

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a pa... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 8.7

    HIGH
    CVE-2024-55658

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitr... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 8.7

    HIGH
    CVE-2024-55657

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-55652

    PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the sys... Read more

    Affected Products : pwndoc
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-54534

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.... Read more

    • Published: Dec. 12, 2024
    • Modified: Apr. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-54531

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024

  • 7.8

    HIGH
    CVE-2024-54529

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 20, 2024

  • 7.1

    HIGH
    CVE-2024-54528

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-54527

    This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-54526

    The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-54524

    A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2024-54515

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 8.6

    HIGH
    CVE-2024-54514

    The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 18, 2024

  • 5.7

    MEDIUM
    CVE-2024-54513

    A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 5.1

    MEDIUM
    CVE-2024-54510

    A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    HIGH
    CVE-2024-54508

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process cr... Read more

    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-54506

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 20, 2024
Showing 20 of 292238 Results