Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-56048

    Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.5

    HIGH
    CVE-2024-56047

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 8.6

    HIGH
    CVE-2024-55953

    DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has ... Read more

    Affected Products : dataease
    • Published: Dec. 18, 2024
    • Modified: Feb. 20, 2025

  • 8.8

    HIGH
    CVE-2024-55952

    DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?so... Read more

    Affected Products : dataease
    • Published: Dec. 18, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-54383

    Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.1

    HIGH
    CVE-2024-54381

    Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 7.6

    HIGH
    CVE-2024-49202

    Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-49201

    Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-47040

    There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47039

    In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47038

    In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for ... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 9.1

    CRITICAL
    CVE-2024-55089

    Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function.... Read more

    Affected Products : rhymix
    • Published: Dec. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-55088

    GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-55492

    Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).... Read more

    Affected Products : winmail_server
    • Published: Dec. 18, 2024
    • Modified: Jul. 17, 2025

  • 7.2

    HIGH
    CVE-2024-55086

    In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 18, 2024
    • Modified: Apr. 18, 2025

  • 6.8

    MEDIUM
    CVE-2024-45082

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit ... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 18, 2024
    • Modified: Jan. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-41752

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the h... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 18, 2024
    • Modified: Jan. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-25042

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.... Read more

    Affected Products : cognos_analytics
    • Published: Dec. 18, 2024
    • Modified: Jan. 10, 2025

  • 5.7

    MEDIUM
    CVE-2024-52361

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9  stores user credentials in plain text which can be read by an authenticated user with access to the pod.... Read more

    • Published: Dec. 18, 2024
    • Modified: Aug. 08, 2025

  • 8.8

    HIGH
    CVE-2024-49576

    A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and ... Read more

    Affected Products : pdf_reader
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
Showing 20 of 293353 Results