Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-10708

    The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server... Read more

    Affected Products : system_dashboard
    • Published: Dec. 10, 2024
    • Modified: May. 17, 2025

  • 7.7

    HIGH
    CVE-2023-6947

    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the content... Read more

    Affected Products : foogallery
    • Published: Dec. 10, 2024
    • Modified: Feb. 24, 2025

  • 8.6

    HIGH
    CVE-2024-21542

    Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Jul. 24, 2025

  • 8.5

    HIGH
    CVE-2024-11205

    The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authent... Read more

    Affected Products : wpforms
    • Published: Dec. 10, 2024
    • Modified: Aug. 12, 2025

  • 8.2

    HIGH
    CVE-2024-37144

    Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions p... Read more

    Affected Products : data_lakehouse
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 10.0

    CRITICAL
    CVE-2024-37143

    Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions p... Read more

    Affected Products : data_lakehouse
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 7.6

    HIGH
    CVE-2024-53919

    An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-53552

    CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.... Read more

    Affected Products : crushftp
    • Published: Dec. 10, 2024
    • Modified: Jun. 27, 2025

  • 8.5

    HIGH
    CVE-2024-54198

    In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can the... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 7.2

    HIGH
    CVE-2024-54197

    SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SS... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-47585

    SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-47582

    Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.... Read more

    Affected Products : netweaver_application_server_java
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-47581

    SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.8

    MEDIUM
    CVE-2024-47580

    An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file o... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.8

    MEDIUM
    CVE-2024-47579

    An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download fu... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 9.1

    CRITICAL
    CVE-2024-47578

    Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the exte... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2024-47577

    Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in ... Read more

    Affected Products : commerce_cloud
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 3.3

    LOW
    CVE-2024-47576

    SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be re... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-32732

    Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.3

    MEDIUM
    CVE-2024-9672

    A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.... Read more

    Affected Products : papercut_ng papercut_mf
    • Published: Dec. 10, 2024
    • Modified: Jan. 30, 2025
Showing 20 of 292001 Results