Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-12382

    Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 8.8

    HIGH
    CVE-2024-12381

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 8.8

    HIGH
    CVE-2024-11950

    XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit ... Read more

    Affected Products : xnview
    • Published: Dec. 12, 2024
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-11949

    GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vu... Read more

    Affected Products : archiver
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-11948

    GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific fl... Read more

    Affected Products : archiver
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 8.8

    HIGH
    CVE-2024-11947

    GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vul... Read more

    Affected Products : archiver
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 7.8

    HIGH
    CVE-2024-11872

    Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to exe... Read more

    Affected Products : launcher
    • Published: Dec. 12, 2024
    • Modified: Aug. 15, 2025

  • 7.8

    HIGH
    CVE-2024-9845

    Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : automation
    • Published: Dec. 11, 2024
    • Modified: Dec. 13, 2024

  • 7.8

    HIGH
    CVE-2024-8496

    Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : workspace_control
    • Published: Dec. 11, 2024
    • Modified: Dec. 13, 2024

  • 8.1

    HIGH
    CVE-2024-48912

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.... Read more

    Affected Products : glpi
    • Published: Dec. 11, 2024
    • Modified: Jan. 10, 2025

  • 7.5

    HIGH
    CVE-2024-47761

    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains... Read more

    Affected Products : glpi
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025

  • 8.8

    HIGH
    CVE-2024-47760

    GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.... Read more

    Affected Products : glpi
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025

  • 7.8

    HIGH
    CVE-2024-11598

    Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : application_control
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025

  • 7.8

    HIGH
    CVE-2024-11597

    Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : performance_manager
    • Published: Dec. 11, 2024
    • Modified: Jan. 23, 2025

  • 7.8

    HIGH
    CVE-2024-10251

    Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : security_controls
    • Published: Dec. 11, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-53677

    File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue ... Read more

    Affected Products : struts
    • Published: Dec. 11, 2024
    • Modified: Jul. 15, 2025

  • 8.8

    HIGH
    CVE-2024-47758

    GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains ... Read more

    Affected Products : glpi
    • Published: Dec. 11, 2024
    • Modified: Feb. 06, 2025

  • 6.3

    MEDIUM
    CVE-2024-28141

    The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacke... Read more

    Affected Products :
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-28140

    The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by... Read more

    Affected Products :
    • Published: Dec. 11, 2024
    • Modified: Dec. 12, 2024

  • 8.8

    HIGH
    CVE-2024-28139

    The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't... Read more

    Affected Products :
    • Published: Dec. 11, 2024
    • Modified: Dec. 12, 2024
Showing 20 of 292628 Results