Latest CVE Feed
- CVE-2024-53989 (6.1 MEDIUM)
  rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer...
  Published: Dec. 02, 2024; Modified: Aug. 15, 2025

- CVE-2024-53477 (9.8 CRITICAL)
  JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
  Published: Dec. 02, 2024; Modified: Dec. 11, 2024

- CVE-2024-49581 (6.5 MEDIUM)
  Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not...
  Published: Dec. 02, 2024; Modified: Dec. 02, 2024

- CVE-2024-39890 (8.1 HIGH)
  An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly c...
  Published: Dec. 02, 2024; Modified: Jul. 01, 2025

- CVE-2018-9414 (7.8 HIGH)
  In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not...
  Affected Products: android
  Published: Dec. 02, 2024; Modified: Dec. 18, 2024

- CVE-2018-9413 (8.8 HIGH)
  In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation....
  Affected Products: android
  Published: Dec. 02, 2024; Modified: Dec. 18, 2024

- CVE-2018-9376 (7.8 HIGH)
  In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User int...
  Affected Products: android
  Published: Dec. 02, 2024; Modified: Dec. 18, 2024

- CVE-2024-53900 (9.1 CRITICAL)
  Mongoose before 8.8.3 can improperly use $where in match, leading to search injection....
  Published: Dec. 02, 2024; Modified: Dec. 04, 2024

- CVE-2024-39343 (7.0 HIGH)
  An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management...
  Published: Dec. 02, 2024; Modified: Jul. 01, 2025

- CVE-2018-9381 (7.5 HIGH)
  In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for explo...
  Affected Products: android
  Published: Dec. 02, 2024; Modified: Dec. 18, 2024

- CVE-2018-9380 (8.8 HIGH)
  In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation....
  Affected Products: android
  Published: Dec. 02, 2024; Modified: Dec. 18, 2024

- CVE-2024-5890 (5.1 MEDIUM)
  ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates t...
  Published: Dec. 02, 2024; Modified: Dec. 02, 2024

- CVE-2024-53617 (4.8 MEDIUM)
  A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload....
  Published: Dec. 02, 2024; Modified: Dec. 02, 2024

- CVE-2024-53484 (8.8 HIGH)
  Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key....
  Published: Dec. 02, 2024; Modified: Dec. 03, 2024

- CVE-2024-52724 (9.8 CRITICAL)
  ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php....
  Affected Products: zzcms
  Published: Dec. 02, 2024; Modified: Apr. 21, 2025

- CVE-2024-53990 (9.2 CRITICAL)
  The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently repla...
  Affected Products: async-http-client
  Published: Dec. 02, 2024; Modified: Dec. 02, 2024

- CVE-2024-53566 (5.5 MEDIUM)
  An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal....
  Affected Products: asterisk
  Published: Dec. 02, 2024; Modified: Feb. 06, 2025

- CVE-2024-53564 (2.2 LOW)
  A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what...
  Affected Products: freepbx
  Published: Dec. 02, 2024; Modified: Jan. 09, 2025

- CVE-2024-53992 (8.8 HIGH)
  unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted arch...
  Published: Dec. 02, 2024; Modified: Dec. 02, 2024

- CVE-2024-53364 (5.4 MEDIUM)
  A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries....
  Affected Products: vehicle_parking_management_system
  Published: Dec. 02, 2024; Modified: Apr. 07, 2025