Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-45819

    PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space t... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-45818

    The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. Th... Read more

    Affected Products : xen
    • Published: Dec. 19, 2024
    • Modified: May. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-37962

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 9.6

    CRITICAL
    CVE-2024-12626

    The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including,... Read more

    Affected Products : automatorwp
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 4.3

    MEDIUM
    CVE-2024-12331

    The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authent... Read more

    Affected Products : filester
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2021-26115

    An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS comma... Read more

    Affected Products : fortiwan
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 8.8

    HIGH
    CVE-2020-15934

    An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target ma... Read more

    Affected Products : forticlient
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 8.8

    HIGH
    CVE-2020-12820

    Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbi... Read more

    Affected Products : fortios
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 5.6

    MEDIUM
    CVE-2024-11616

    Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and t... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jun. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-4617

    Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values.  This issue affects Govee Home ap... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2024-12569

    Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-4230

    External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious cod... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2024-4229

    Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resul... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 7.3

    HIGH
    CVE-2021-26093

    An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.... Read more

    Affected Products : fortiwlc
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 7.5

    HIGH
    CVE-2020-12819

    A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by send... Read more

    Affected Products : fortios
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-12560

    The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for a... Read more

    Affected Products : button_block
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-11768

    The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for u... Read more

    Affected Products : download_manager download_manager
    • Published: Dec. 19, 2024
    • Modified: Mar. 21, 2025

  • 7.3

    HIGH
    CVE-2024-11740

    The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before runni... Read more

    Affected Products : download_manager download_manager
    • Published: Dec. 19, 2024
    • Modified: Mar. 21, 2025

  • 9.4

    CRITICAL
    CVE-2024-11984

    A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with S... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 7.1

    HIGH
    CVE-2024-51532

    Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary sy... Read more

    • Published: Dec. 19, 2024
    • Modified: Jan. 29, 2025
Showing 20 of 293508 Results