Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-51165

    SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB....

    Affected Products : jepaas
    • Published: Dec. 10, 2024
    • Modified: Jun. 24, 2025
  • 5.5

    MEDIUM
    CVE-2024-49554

    Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of s...

    Affected Products : macos media_encoder windows
    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024
  • 7.8

    HIGH
    CVE-2024-49553

    Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

    Affected Products : macos media_encoder windows
    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024
  • 7.8

    HIGH
    CVE-2024-49552

    Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic...

    Affected Products : media_encoder
    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024
  • 7.8

    HIGH
    CVE-2024-49551

    Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

    Affected Products : macos media_encoder windows
    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024
  • 6.3

    MEDIUM
    CVE-2024-49535

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input ...

    • Published: Dec. 10, 2024
    • Modified: Jan. 23, 2025
  • 5.5

    MEDIUM
    CVE-2024-49534

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t...

    • Published: Dec. 10, 2024
    • Modified: Feb. 06, 2025
  • 5.5

    MEDIUM
    CVE-2024-49533

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t...

    • Published: Dec. 10, 2024
    • Modified: Feb. 06, 2025
  • 5.5

    MEDIUM
    CVE-2024-49532

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t...

    • Published: Dec. 10, 2024
    • Modified: Feb. 06, 2025
  • 5.5

    MEDIUM
    CVE-2024-49531

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnera...

    • Published: Dec. 10, 2024
    • Modified: Jan. 21, 2025
  • 7.8

    HIGH
    CVE-2024-49530

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this ...

    • Published: Dec. 10, 2024
    • Modified: Jan. 21, 2025
  • 8.0

    HIGH
    CVE-2024-46341

    TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack....

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-46340

    TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 were discovered to transmit user credentials in plaintext after executing a factory reset....

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025
  • 8.8

    HIGH
    CVE-2024-9844

    Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions....

    Affected Products : connect_secure
    • Published: Dec. 10, 2024
    • Modified: Jan. 17, 2025
  • 8.8

    HIGH
    CVE-2024-8540

    Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components....

    Affected Products : standalone_sentry
    • Published: Dec. 10, 2024
    • Modified: Jul. 30, 2025
  • 7.1

    HIGH
    CVE-2024-7572

    Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files....

    Affected Products : desktop_&_server_management
    • Published: Dec. 10, 2024
    • Modified: Jul. 11, 2025
  • 4.4

    MEDIUM
    CVE-2024-55550

    Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources ...

    Affected Products : micollab
    • Actively Exploited
    • Published: Dec. 10, 2024
    • Modified: Jan. 08, 2025
  • 8.8

    HIGH
    CVE-2024-55500

    Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine....

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024
  • 7.2

    HIGH
    CVE-2024-54008

    An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host....

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024
  • 4.6

    MEDIUM
    CVE-2024-50931

    Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions....

    • Published: Dec. 10, 2024
    • Modified: Jul. 01, 2025