Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-12197

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12194

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12193

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12192

    A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12191

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12179

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the c...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12178

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-11422

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o...

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025
  • 8.0

    HIGH
    CVE-2024-10476

    Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifi...

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
  • 6.5

    MEDIUM
    CVE-2024-37607

    A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request....

    Affected Products : dap-2555_firmware dap-2555
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-37606

    A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request....

    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-37605

    A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request....

    Affected Products : dir-860l_firmware dir-860l
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025
  • 7.5

    HIGH
    CVE-2024-36832

    A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receive...

    Affected Products : dap-1513_firmware dap-1513
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025
  • 5.3

    MEDIUM
    CVE-2024-36831

    A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication....

    Affected Products : dap-1520_firmware dap-1520
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-8972

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024....

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
  • 6.5

    MEDIUM
    CVE-2024-9819

    Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711....

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
  • 5.3

    MEDIUM
    CVE-2024-54677

    Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through...

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-50379

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache T...

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025
  • 4.3

    MEDIUM
    CVE-2024-10356

    The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with C...

    Affected Products : elementsready
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
  • 3.7

    LOW
    CVE-2024-9654

    The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the inte...

    Affected Products : easy_digital_downloads
    • Published: Dec. 17, 2024
    • Modified: Feb. 07, 2025