Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-4230

    External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious cod... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2024-4229

    Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resul... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.3

    HIGH
    CVE-2021-26093

    An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.... Read more

    Affected Products : fortiwlc
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 7.5

    HIGH
    CVE-2020-12819

    A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by send... Read more

    Affected Products : fortios
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-12560

    The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for a... Read more

    Affected Products : button_block
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-11768

    The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for u... Read more

    Affected Products : download_manager download_manager
    • Published: Dec. 19, 2024
    • Modified: Mar. 21, 2025

  • 7.3

    HIGH
    CVE-2024-11740

    The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before runni... Read more

    Affected Products : download_manager download_manager
    • Published: Dec. 19, 2024
    • Modified: Mar. 21, 2025

  • 9.4

    CRITICAL
    CVE-2024-11984

    A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with S... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 7.1

    HIGH
    CVE-2024-51532

    Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary sy... Read more

    • Published: Dec. 19, 2024
    • Modified: Jan. 29, 2025

  • 7.8

    HIGH
    CVE-2024-35141

    IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.... Read more

    Affected Products : db2 security_verify_access_docker
    • Published: Dec. 19, 2024
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-12121

    The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-10548

    The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authe... Read more

    Affected Products : wp_project_manager
    • Published: Dec. 19, 2024
    • Modified: Feb. 05, 2025

  • 6.5

    MEDIUM
    CVE-2023-30443

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.... Read more

    Affected Products : linux_kernel aix hp-ux db2 solaris windows
    • Published: Dec. 19, 2024
    • Modified: Jan. 31, 2025

  • 4.8

    MEDIUM
    CVE-2023-23357

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read applicat... Read more

    Affected Products : qulog_center
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.5

    MEDIUM
    CVE-2023-23356

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed t... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.3

    HIGH
    CVE-2023-23354

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.... Read more

    Affected Products : qulog_center
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 6.8

    MEDIUM
    CVE-2022-27600

    An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vuln... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2022-27595

    An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerab... Read more

    Affected Products : qvpn
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 4.6

    MEDIUM
    CVE-2022-33954

    IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.... Read more

    Affected Products : robotic_process_automation windows
    • Published: Dec. 19, 2024
    • Modified: Mar. 27, 2025

  • 7.5

    HIGH
    CVE-2021-39081

    IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Dec. 19, 2024
    • Modified: Jul. 29, 2025
Showing 20 of 293437 Results