Latest CVE Feed
-
8.8
HIGH CVE-2024-12692
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Published: Dec. 18, 2024
- Modified: Feb. 11, 2025
-
9.8
CRITICAL CVE-2024-56145
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspeci...
Affected Products: craft_cms
- Actively Exploited
- Published: Dec. 18, 2024
- Modified: Jun. 03, 2025
-
5.9
MEDIUM CVE-2024-56140
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perf...
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
5.3
MEDIUM CVE-2024-45338
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Affected Products: networking
- Published: Dec. 18, 2024
- Modified: Feb. 21, 2025
-
7.2
HIGH CVE-2024-12686
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
- Actively Exploited
- Published: Dec. 18, 2024
- Modified: Jan. 14, 2025
-
7.1
HIGH CVE-2024-53271
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions Envoy does not properly handle HTTP/1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1...
Affected Products: envoy
- Published: Dec. 18, 2024
- Modified: Sep. 04, 2025
-
7.5
HIGH CVE-2024-53270
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullp...
Affected Products: envoy
- Published: Dec. 18, 2024
- Modified: Sep. 04, 2025
-
7.5
HIGH CVE-2024-53269
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, the Happy Eyeballs sorting algorithm will crash in the data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Use...
Affected Products: envoy
- Published: Dec. 18, 2024
- Modified: Aug. 28, 2025
-
5.1
MEDIUM CVE-2024-52593
Misskey is an open source, federated social media platform. In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson` allows an attacker to control the target of any "origi...
Affected Products: misskey
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
6.9
MEDIUM CVE-2024-52592
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another user. No authentication is required, except for a valid si...
Affected Products: misskey
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
8.8
HIGH CVE-2024-52591
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed user...
Affected Products: misskey
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
8.8
HIGH CVE-2024-52590
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actuall...
Affected Products: misskey
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
6.4
MEDIUM CVE-2024-52579
Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF a...
Affected Products: misskey
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
6.5
MEDIUM CVE-2024-51470
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set valu...
- Published: Dec. 18, 2024
- Modified: Aug. 15, 2025
-
7.4
HIGH CVE-2024-49363
Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating re...
Affected Products: misskey
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
7.2
HIGH CVE-2024-36694
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.
Affected Products: opencart
- Published: Dec. 18, 2024
- Modified: Apr. 22, 2025
-
8.4
HIGH CVE-2024-12741
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress ...
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
9.9
CRITICAL CVE-2024-56057
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2.
Affected Products: wordpress_learning_management_system_
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
8.5
HIGH CVE-2024-56055
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2.
Affected Products: wordpress_learning_management_system_
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
9.1
CRITICAL CVE-2024-56054
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2.
Affected Products: wordpress_learning_management_system_
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024