Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2024-11205

    The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authent... Read more

    Affected Products : wpforms
    • Published: Dec. 10, 2024
    • Modified: Aug. 12, 2025

  • 8.2

    HIGH
    CVE-2024-37144

    Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions p... Read more

    Affected Products : data_lakehouse
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 10.0

    CRITICAL
    CVE-2024-37143

    Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions p... Read more

    Affected Products : data_lakehouse
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 7.6

    HIGH
    CVE-2024-53919

    An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-53552

    CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.... Read more

    Affected Products : crushftp
    • Published: Dec. 10, 2024
    • Modified: Jun. 27, 2025

  • 8.5

    HIGH
    CVE-2024-54198

    In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can the... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 7.2

    HIGH
    CVE-2024-54197

    SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SS... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-47585

    SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-47582

    Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.... Read more

    Affected Products : netweaver_application_server_java
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-47581

    SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.8

    MEDIUM
    CVE-2024-47580

    An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file o... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.8

    MEDIUM
    CVE-2024-47579

    An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download fu... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 9.1

    CRITICAL
    CVE-2024-47578

    Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the exte... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2024-47577

    Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in ... Read more

    Affected Products : commerce_cloud
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 3.3

    LOW
    CVE-2024-47576

    SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be re... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-32732

    Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 6.3

    MEDIUM
    CVE-2024-9672

    A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.... Read more

    Affected Products : papercut_ng papercut_mf
    • Published: Dec. 10, 2024
    • Modified: Jan. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-55638

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitabl... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-55637

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploi... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-55636

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploi... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025
Showing 20 of 292238 Results