Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2024-48863

    A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-48859

    An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-54750

    Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-54747

    WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : wn531p3_firmware
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-54745

    WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 11, 2024

  • 7.5

    HIGH
    CVE-2024-54137

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, p... Read more

    Affected Products : liboqs
    • Published: Dec. 06, 2024
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-54136

    ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection ge... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-54135

    ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. Us... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 6.1

    MEDIUM
    CVE-2024-50677

    A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.... Read more

    Affected Products : oroplatform orocommerce
    • Published: Dec. 06, 2024
    • Modified: Jun. 13, 2025

  • 5.3

    MEDIUM
    CVE-2024-30129

    The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.... Read more

    Affected Products : nomad_server_on_domino
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 8.7

    HIGH
    CVE-2024-12254

    Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols wou... Read more

    Affected Products : python
    • Published: Dec. 06, 2024
    • Modified: Apr. 04, 2025

  • 8.6

    HIGH
    CVE-2024-54141

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.... Read more

    Affected Products : phpmyfaq
    • Published: Dec. 06, 2024
    • Modified: Aug. 15, 2025

  • 6.2

    MEDIUM
    CVE-2024-42196

    HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.... Read more

    Affected Products : hcl_launch
    • Published: Dec. 06, 2024
    • Modified: Apr. 14, 2025

  • 7.5

    HIGH
    CVE-2024-11738

    A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.... Read more

    Affected Products : rustls
    • Published: Dec. 06, 2024
    • Modified: Jul. 29, 2025

  • 7.7

    HIGH
    CVE-2024-54216

    Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 20, 2024

  • 10.0

    CRITICAL
    CVE-2024-54214

    Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18.... Read more

    Affected Products : revy
    • Published: Dec. 06, 2024
    • Modified: Dec. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-54213

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 6.5

    MEDIUM
    CVE-2024-54212

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6.... Read more

    Affected Products : magical_addons_for_elementor
    • Published: Dec. 06, 2024
    • Modified: Feb. 03, 2025

  • 5.9

    MEDIUM
    CVE-2024-54211

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8.... Read more

    Affected Products : borderless
    • Published: Dec. 06, 2024
    • Modified: Apr. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-54210

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a thro... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
Showing 20 of 291902 Results