Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.5

    HIGH
    CVE-2024-11158

    An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor...

    Affected Products : arena arena_simulation
    • Published: Dec. 05, 2024
    • Modified: Apr. 18, 2025
  • 8.5

    HIGH
    CVE-2024-11156

    An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerabi...

    Affected Products : arena arena_simulation
    • Published: Dec. 05, 2024
    • Modified: Dec. 17, 2024
  • 8.5

    HIGH
    CVE-2024-11155

    A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this ...

    Affected Products : arena arena_simulation
    • Published: Dec. 05, 2024
    • Modified: Apr. 14, 2025
  • 5.7

    MEDIUM
    CVE-2024-54128

    Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which ca...

    Affected Products : directus
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 5.5

    MEDIUM
    CVE-2024-53846

    OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP st...

    Affected Products : otp
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 7.5

    HIGH
    CVE-2024-53490

    Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java....

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-12234

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injectio...

    Affected Products : beauty_parlour_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-12233

    A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img le...

    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024
  • 9.2

    CRITICAL
    CVE-2024-54130

    The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is ...

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 9.2

    CRITICAL
    CVE-2024-54129

    The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the i...

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 5.5

    MEDIUM
    CVE-2024-54001

    Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_forma...

    Affected Products : kanboard
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 7.5

    HIGH
    CVE-2024-53857

    rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys....

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 7.5

    HIGH
    CVE-2024-53856

    rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1....

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 8.8

    HIGH
    CVE-2024-53472

    WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF)....

    Affected Products : wegia
    • Published: Dec. 05, 2024
    • Modified: Apr. 09, 2025
  • 6.1

    MEDIUM
    CVE-2024-53471

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter....

    Affected Products : wegia
    • Published: Dec. 05, 2024
    • Modified: Apr. 09, 2025
  • 6.1

    MEDIUM
    CVE-2024-53470

    Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter....

    Affected Products : wegia
    • Published: Dec. 05, 2024
    • Modified: Apr. 09, 2025
  • 4.6

    MEDIUM
    CVE-2024-12247

    Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated....

    Affected Products : mattermost_server mattermost
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 6.1

    MEDIUM
    CVE-2024-12232

    A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. ...

    Affected Products : simple_crud_functionality
    • Published: Dec. 05, 2024
    • Modified: Feb. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-12231

    A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the atta...

    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 5.9

    MEDIUM
    CVE-2024-10716

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search....

    Affected Products : infinity
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
Showing 20 of 291918 Results