Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2024-47761 (CVSS 7.5, HIGH)
    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains...
    Affected Products: glpi
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025
  • CVE-2024-47760 (CVSS 8.8, HIGH)
    GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue....
    Affected Products: glpi
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025
  • CVE-2024-11598 (CVSS 7.8, HIGH)
    Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allow a local authenticated attacker to achieve local privilege escalation....
    Affected Products: application_control
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025
  • CVE-2024-11597 (CVSS 7.8, HIGH)
    Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allow a local authenticated attacker to achieve local privilege escalation....
    Affected Products: performance_manager
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025
  • CVE-2024-10251 (CVSS 7.8, HIGH)
    Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allow a local authenticated attacker to achieve local privilege escalation....
    Affected Products: security_controls
    • Published: Dec. 11, 2024
    • Modified: Dec. 13, 2024
  • CVE-2024-53677 (CVSS 9.8, CRITICAL)
    File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue ...
    Affected Products: struts
    • Published: Dec. 11, 2024
    • Modified: Jul. 15, 2025
  • CVE-2024-47758 (CVSS 8.8, HIGH)
    GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains ...
    Affected Products: glpi
    • Published: Dec. 11, 2024
    • Modified: Feb. 06, 2025
  • CVE-2024-28141 (CVSS 6.3, MEDIUM)
    The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacke...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2024-28140 (CVSS 6.1, MEDIUM)
    The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 12, 2024
  • CVE-2024-28139 (CVSS 8.8, HIGH)
    The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 12, 2024
  • CVE-2024-50585 (CVSS 4.7, MEDIUM)
    Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" (nlslogin.jsp) page. The vulnerab...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 12, 2024
  • CVE-2024-51460 (CVSS 4.3, MEDIUM)
    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system....
    Affected Products: infosphere_information_server
    • Published: Dec. 11, 2024
    • Modified: Jan. 14, 2025
  • CVE-2024-11351 (CVSS 5.3, MEDIUM)
    The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possi...
    Affected Products: restrict
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2023-23472 (CVSS 6.5, MEDIUM)
    IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system....
    • Published: Dec. 11, 2024
    • Modified: Mar. 11, 2025
  • CVE-2024-12325 (CVSS 6.1, MEDIUM)
    The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2024-12294 (CVSS 5.3, MEDIUM)
    The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sen...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2024-11840 (CVSS 7.1, HIGH)
    The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucs...
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2024-11008 (CVSS 5.3, MEDIUM)
    The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attacker...
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2024-54269 (CVSS 4.3, MEDIUM)
    Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notibar: from n/a through 2.1.4....
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • CVE-2024-12363 (CVSS 7.1, HIGH)
    Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management....
    Affected Products:
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
Showing 20 of 292238 Results