Latest CVE Feed
-
4.3
MEDIUM CVE-2024-49201
Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level....
Affected Products :
- Published: Dec. 18, 2024
- Modified: Dec. 21, 2024
-
10.0
CRITICAL CVE-2024-47040
There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation....
Affected Products : android
- Published: Dec. 18, 2024
- Modified: Jul. 24, 2025
-
10.0
CRITICAL CVE-2024-47039
In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploi...
Affected Products : android
- Published: Dec. 18, 2024
- Modified: Jul. 24, 2025
-
10.0
CRITICAL CVE-2024-47038
In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
Affected Products : android
- Published: Dec. 18, 2024
- Modified: Jul. 24, 2025
-
9.1
CRITICAL CVE-2024-55089
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function....
Affected Products : rhymix
- Published: Dec. 18, 2024
- Modified: Jun. 24, 2025
-
8.8
HIGH CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module....
Affected Products : getsimple_cms
- Published: Dec. 18, 2024
- Modified: Apr. 17, 2025
-
6.1
MEDIUM CVE-2024-55492
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS)....
Affected Products : winmail_server
- Published: Dec. 18, 2024
- Modified: Jul. 17, 2025
-
7.2
HIGH CVE-2024-55086
In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system....
Affected Products : getsimple_cms
- Published: Dec. 18, 2024
- Modified: Apr. 18, 2025
-
6.8
MEDIUM CVE-2024-45082
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit ...
Affected Products : cognos_analytics
- Published: Dec. 18, 2024
- Modified: Jan. 10, 2025
-
6.1
MEDIUM CVE-2024-41752
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the h...
Affected Products : cognos_analytics
- Published: Dec. 18, 2024
- Modified: Jan. 10, 2025
-
6.1
MEDIUM CVE-2024-25042
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations....
Affected Products : cognos_analytics
- Published: Dec. 18, 2024
- Modified: Jan. 10, 2025
-
5.7
MEDIUM CVE-2024-52361
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod....
Affected Products : storage_defender_resiliency_service
- Published: Dec. 18, 2024
- Modified: Aug. 08, 2025
-
8.8
HIGH CVE-2024-49576
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and ...
Affected Products : pdf_reader
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
8.8
HIGH CVE-2024-47810
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in ar...
Affected Products : pdf_reader
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
7.5
HIGH CVE-2024-47119
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client....
Affected Products : storage_defender_resiliency_service
- Published: Dec. 18, 2024
- Modified: Aug. 08, 2025
-
9.3
CRITICAL CVE-2024-12373
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service....
Affected Products :
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
9.3
CRITICAL CVE-2024-12372
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing fo...
Affected Products :
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
9.3
CRITICAL CVE-2024-12371
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edi...
Affected Products :
- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
4.9
MEDIUM CVE-2023-50956
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text....
Affected Products : storage_defender_resiliency_service
- Published: Dec. 18, 2024
- Modified: Aug. 09, 2025
-
5.3
MEDIUM CVE-2024-56128
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 58...
Affected Products : kafka
- Published: Dec. 18, 2024
- Modified: Jun. 20, 2025