Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-53988

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53987

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53986

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53985

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.1... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-53941

    An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 8.8

    HIGH
    CVE-2024-53940

    An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parame... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 8.8

    HIGH
    CVE-2024-53939

    An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allow... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 8.8

    HIGH
    CVE-2024-53938

    An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achi... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 8.0

    HIGH
    CVE-2024-53375

    An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable withou... Read more

    Affected Products : archer_axe75_firmware
    • Published: Dec. 02, 2024
    • Modified: Dec. 17, 2024

  • 6.2

    MEDIUM
    CVE-2018-9435

    In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9431

    In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2018-9430

    In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9429

    In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2018-9426

    In  RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9423

    In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2018-9418

    In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-53989

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-53477

    JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-49581

    Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 8.1

    HIGH
    CVE-2024-39890

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly c... Read more

    • Published: Dec. 02, 2024
    • Modified: Jul. 01, 2025
Showing 20 of 291641 Results