Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-51175

    An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 18, 2024

  • 9.1

    CRITICAL
    CVE-2024-31668

    rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.... Read more

    Affected Products : rizin
    • Published: Dec. 17, 2024
    • Modified: Jul. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-29646

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.... Read more

    Affected Products : radare2
    • Published: Dec. 17, 2024
    • Modified: Jun. 17, 2025

  • 4.8

    MEDIUM
    CVE-2023-37940

    Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject ... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-55059

    A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-55058

    An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw ... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-55057

    Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2024-55056

    A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.... Read more

    Affected Products : online_birth_certificate_system
    • Published: Dec. 17, 2024
    • Modified: Mar. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-12539

    An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Dec. 17, 2024
    • Modified: Feb. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-11993

    Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field... Read more

    • Published: Dec. 17, 2024
    • Modified: Mar. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-55516

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-55515

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded.... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-55514

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to u... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-55513

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading ... Read more

    • Published: Dec. 17, 2024
    • Modified: Apr. 28, 2025

  • 7.3

    HIGH
    CVE-2024-49194

    Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could pote... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Jul. 02, 2025

  • 6.9

    MEDIUM
    CVE-2024-56139

    pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid u... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    HIGH
    CVE-2024-51479

    Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly unde... Read more

    Affected Products : next.js
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 9.1

    CRITICAL
    CVE-2024-55496

    A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.... Read more

    Affected Products : bookstore_management_system
    • Published: Dec. 17, 2024
    • Modified: May. 02, 2025

  • 9.1

    CRITICAL
    CVE-2024-54662

    Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 18, 2024

  • 3.7

    LOW
    CVE-2024-49820

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability t... Read more

    • Published: Dec. 17, 2024
    • Modified: Jan. 10, 2025
Showing 20 of 293262 Results