Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-40959

    A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to injec... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 25, 2024

  • 7.8

    HIGH
    CVE-2020-13712

    A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected.  MG90 running MGOS 4.2.1 or earlier is affected.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 26, 2024

  • 8.1

    HIGH
    CVE-2024-56359

    grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javasc... Read more

    Affected Products : grist-core
    • Published: Dec. 20, 2024
    • Modified: Mar. 12, 2025

  • 8.1

    HIGH
    CVE-2024-56358

    grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has b... Read more

    Affected Products : grist-core
    • Published: Dec. 20, 2024
    • Modified: Mar. 12, 2025

  • 8.1

    HIGH
    CVE-2024-56357

    grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. T... Read more

    Affected Products : grist-core
    • Published: Dec. 20, 2024
    • Modified: Mar. 12, 2025

  • 7.6

    HIGH
    CVE-2024-56335

    vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user ac... Read more

    Affected Products : vaultwarden
    • Published: Dec. 20, 2024
    • Modified: Aug. 19, 2025

  • 7.8

    HIGH
    CVE-2024-56334

    systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID c... Read more

    Affected Products : systeminformation
    • Published: Dec. 20, 2024
    • Modified: Dec. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-55509

    SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 20, 2024
    • Modified: Apr. 03, 2025

  • 5.9

    MEDIUM
    CVE-2024-40875

    There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when ... Read more

    Affected Products : secure_access
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.9

    MEDIUM
    CVE-2024-12844

    A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remote... Read more

    Affected Products : emlog
    • Published: Dec. 20, 2024
    • Modified: Jan. 07, 2025

  • 6.9

    MEDIUM
    CVE-2024-12843

    A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initia... Read more

    Affected Products : emlog
    • Published: Dec. 20, 2024
    • Modified: Jan. 07, 2025

  • 9.4

    CRITICAL
    CVE-2024-56333

    Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.8

    MEDIUM
    CVE-2024-56331

    Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` protocol. This vulnerability is triggered via the **"real-... Read more

    Affected Products : uptime_kuma
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 9.3

    CRITICAL
    CVE-2024-56330

    Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The probl... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 8.9

    HIGH
    CVE-2024-56329

    Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an alrea... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.7

    MEDIUM
    CVE-2024-55341

    A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.... Read more

    Affected Products : piranha_cms
    • Published: Dec. 20, 2024
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2024-12867

    Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.9

    MEDIUM
    CVE-2024-12842

    A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiat... Read more

    Affected Products : emlog
    • Published: Dec. 20, 2024
    • Modified: Jun. 05, 2025

  • 4.7

    MEDIUM
    CVE-2024-55342

    A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in t... Read more

    Affected Products : piranha_cms
    • Published: Dec. 20, 2024
    • Modified: Apr. 18, 2025

  • 8.8

    HIGH
    CVE-2024-37758

    Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
Showing 20 of 293513 Results