Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2020-6923

    The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.2

    MEDIUM
    CVE-2024-52897

    IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.... Read more

    • Published: Dec. 19, 2024
    • Modified: Aug. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-51471

    IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.... Read more

    Affected Products : mq_appliance
    • Published: Dec. 19, 2024
    • Modified: Jul. 03, 2025

  • 6.5

    MEDIUM
    CVE-2024-49336

    IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : security_guardium
    • Published: Dec. 19, 2024
    • Modified: Feb. 25, 2025

  • 7.5

    HIGH
    CVE-2024-38819

    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to t... Read more

    Affected Products : spring_framework
    • Published: Dec. 19, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-12794

    A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to ... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 5.3

    MEDIUM
    CVE-2024-12793

    A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path tra... Read more

    Affected Products : pbootcms
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-12792

    A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launche... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-12791

    A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotel... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 7.5

    HIGH
    CVE-2023-7005

    A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-55081

    An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 02, 2025

  • 6.2

    MEDIUM
    CVE-2024-52896

    IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.... Read more

    • Published: Dec. 19, 2024
    • Modified: Aug. 19, 2025

  • 2.4

    LOW
    CVE-2024-12801

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 03, 2025

  • 8.2

    HIGH
    CVE-2024-12790

    A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated r... Read more

    Affected Products : hostel_management_system
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-12789

    A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initi... Read more

    Affected Products : pbootcms
    • Published: Dec. 19, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-12788

    A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack ... Read more

    Affected Products : technical_discussion_forum
    • Published: Dec. 19, 2024
    • Modified: Jan. 10, 2025

  • 5.3

    MEDIUM
    CVE-2021-22501

    Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation.  The vulnerability could be exploited to confidential information This issue affects Operations Bridge Manager: 20... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 8.6

    HIGH
    CVE-2024-9154

    A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633).... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 22, 2024

  • 7.5

    HIGH
    CVE-2024-55082

    A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 02, 2025

  • 4.8

    MEDIUM
    CVE-2024-38864

    Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.... Read more

    Affected Products : checkmk windows checkmk
    • Published: Dec. 19, 2024
    • Modified: Aug. 25, 2025
Showing 20 of 293363 Results