Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-26115

    An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS comma... Read more

    Affected Products : fortiwan
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 8.8

    HIGH
    CVE-2020-15934

    An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target ma... Read more

    Affected Products : forticlient
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 8.8

    HIGH
    CVE-2020-12820

    Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbi... Read more

    Affected Products : fortios
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 5.6

    MEDIUM
    CVE-2024-11616

    Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and t... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jun. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-4617

    Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values.  This issue affects Govee Home ap... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2024-12569

    Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-4230

    External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious cod... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2024-4229

    Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resul... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.3

    HIGH
    CVE-2021-26093

    An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.... Read more

    Affected Products : fortiwlc
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 7.5

    HIGH
    CVE-2020-12819

    A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by send... Read more

    Affected Products : fortios
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-12560

    The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for a... Read more

    Affected Products : button_block
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-11768

    The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for u... Read more

    Affected Products : download_manager download_manager
    • Published: Dec. 19, 2024
    • Modified: Mar. 21, 2025

  • 7.3

    HIGH
    CVE-2024-11740

    The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before runni... Read more

    Affected Products : download_manager download_manager
    • Published: Dec. 19, 2024
    • Modified: Mar. 21, 2025

  • 9.4

    CRITICAL
    CVE-2024-11984

    A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with S... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 7.1

    HIGH
    CVE-2024-51532

    Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary sy... Read more

    • Published: Dec. 19, 2024
    • Modified: Jan. 29, 2025

  • 7.8

    HIGH
    CVE-2024-35141

    IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.... Read more

    Affected Products : db2 security_verify_access_docker
    • Published: Dec. 19, 2024
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-12121

    The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-10548

    The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authe... Read more

    Affected Products : wp_project_manager
    • Published: Dec. 19, 2024
    • Modified: Feb. 05, 2025

  • 6.5

    MEDIUM
    CVE-2023-30443

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.... Read more

    Affected Products : linux_kernel aix hp-ux db2 solaris windows
    • Published: Dec. 19, 2024
    • Modified: Jan. 31, 2025

  • 4.8

    MEDIUM
    CVE-2023-23357

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read applicat... Read more

    Affected Products : qulog_center
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 293343 Results