Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2024-56053

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-56052

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.5

    HIGH
    CVE-2024-56051

    Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-56050

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.5

    HIGH
    CVE-2024-56049

    Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.8

    HIGH
    CVE-2024-56048

    Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.5

    HIGH
    CVE-2024-56047

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.6

    HIGH
    CVE-2024-55953

    DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has ... Read more

    Affected Products : dataease
    • Published: Dec. 18, 2024
    • Modified: Feb. 20, 2025

  • 8.8

    HIGH
    CVE-2024-55952

    DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?so... Read more

    Affected Products : dataease
    • Published: Dec. 18, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-54383

    Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.1

    HIGH
    CVE-2024-54381

    Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.6

    HIGH
    CVE-2024-49202

    Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-49201

    Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-47040

    There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47039

    In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47038

    In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for ... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 9.1

    CRITICAL
    CVE-2024-55089

    Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function.... Read more

    Affected Products : rhymix
    • Published: Dec. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-55088

    GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-55492

    Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).... Read more

    Affected Products : winmail_server
    • Published: Dec. 18, 2024
    • Modified: Jul. 17, 2025

  • 7.2

    HIGH
    CVE-2024-55086

    In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 18, 2025
Showing 20 of 293258 Results