Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-55088

    GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module....

    Affected Products : getsimple_cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-55492

    Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS)....

    Affected Products : winmail_server
    • Published: Dec. 18, 2024
    • Modified: Jul. 17, 2025
  • 7.2

    HIGH
    CVE-2024-55086

    In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system....

    Affected Products : getsimple_cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 18, 2025
  • 6.8

    MEDIUM
    CVE-2024-45082

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit ...

    Affected Products : cognos_analytics
    • Published: Dec. 18, 2024
    • Modified: Jan. 10, 2025
  • 6.1

    MEDIUM
    CVE-2024-41752

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the h...

    Affected Products : cognos_analytics
    • Published: Dec. 18, 2024
    • Modified: Jan. 10, 2025
  • 6.1

    MEDIUM
    CVE-2024-25042

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations....

    Affected Products : cognos_analytics
    • Published: Dec. 18, 2024
    • Modified: Jan. 10, 2025
  • 5.7

    MEDIUM
    CVE-2024-52361

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod....

    • Published: Dec. 18, 2024
    • Modified: Aug. 08, 2025
  • 8.8

    HIGH
    CVE-2024-49576

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and ...

    Affected Products : pdf_reader
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 8.8

    HIGH
    CVE-2024-47810

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in ar...

    Affected Products : pdf_reader
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 7.5

    HIGH
    CVE-2024-47119

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client....

    • Published: Dec. 18, 2024
    • Modified: Aug. 08, 2025
  • 9.3

    CRITICAL
    CVE-2024-12373

    A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service....

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 9.3

    CRITICAL
    CVE-2024-12372

    A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing fo...

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 9.3

    CRITICAL
    CVE-2024-12371

    A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edi...

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 4.9

    MEDIUM
    CVE-2023-50956

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text....

    • Published: Dec. 18, 2024
    • Modified: Aug. 09, 2025
  • 5.3

    MEDIUM
    CVE-2024-56128

    Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 58...

    Affected Products : kafka
    • Published: Dec. 18, 2024
    • Modified: Jun. 20, 2025
  • 5.0

    MEDIUM
    CVE-2024-50570

    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a loca...

    Affected Products : forticlient
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025
  • 7.2

    HIGH
    CVE-2024-48889

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and Fo...

    Affected Products : fortimanager fortimanager_cloud
    • Published: Dec. 18, 2024
    • Modified: Aug. 27, 2025
  • 9.8

    CRITICAL
    CVE-2023-34990

    A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests....

    Affected Products : fortiwlm
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-56059

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection. This issue affects Partners: from n/a through 0.2.0....

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 9.8

    CRITICAL
    CVE-2024-56058

    Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection. This issue affects VRPConnector: from n/a through 2.0.1....

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
Showing 20 of 293261 Results