Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41145

    A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious appl... Read more

    Affected Products : teams
    • Published: Dec. 18, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2024-41138

    A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission ... Read more

    Affected Products : teams
    • Published: Dec. 18, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2024-39804

    A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program... Read more

    Affected Products : powerpoint
    • Published: Dec. 18, 2024
    • Modified: Aug. 25, 2025

  • 4.6

    MEDIUM
    CVE-2024-37649

    Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 31, 2024

  • 6.5

    MEDIUM
    CVE-2022-40733

    An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-c... Read more

    • Published: Dec. 18, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2022-40732

    An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-c... Read more

    • Published: Dec. 18, 2024
    • Modified: Aug. 26, 2025

  • 8.8

    HIGH
    CVE-2024-55505

    An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component.... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 18, 2024
    • Modified: Apr. 17, 2025

  • 5.4

    MEDIUM
    CVE-2024-55232

    An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete... Read more

    • Published: Dec. 18, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-55231

    An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and en... Read more

    • Published: Dec. 18, 2024
    • Modified: Mar. 27, 2025

  • 8.8

    HIGH
    CVE-2024-12695

    Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 18, 2024
    • Modified: Feb. 11, 2025

  • 8.8

    HIGH
    CVE-2024-12694

    Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 18, 2024
    • Modified: Feb. 11, 2025

  • 8.8

    HIGH
    CVE-2024-12693

    Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 18, 2024
    • Modified: Mar. 13, 2025

  • 8.8

    HIGH
    CVE-2024-12692

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 18, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-56145

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspeci... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: Dec. 18, 2024
    • Modified: Jun. 03, 2025

  • 5.9

    MEDIUM
    CVE-2024-56140

    Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perf... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-45338

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.... Read more

    Affected Products : networking
    • Published: Dec. 18, 2024
    • Modified: Feb. 21, 2025

  • 7.2

    HIGH
    CVE-2024-12686

    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.... Read more

    • Actively Exploited
    • Published: Dec. 18, 2024
    • Modified: Jan. 14, 2025

  • 7.1

    HIGH
    CVE-2024-53271

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1... Read more

    Affected Products : envoy
    • Published: Dec. 18, 2024
    • Modified: Sep. 04, 2025

  • 7.5

    HIGH
    CVE-2024-53270

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullp... Read more

    Affected Products : envoy
    • Published: Dec. 18, 2024
    • Modified: Sep. 04, 2025

  • 7.5

    HIGH
    CVE-2024-53269

    Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Use... Read more

    Affected Products : envoy
    • Published: Dec. 18, 2024
    • Modified: Aug. 28, 2025
Showing 20 of 293350 Results