Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.0

    LOW
    CVE-2024-49417

    Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : smart_touch_call
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-49416

    Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.... Read more

    Affected Products : smartthings
    • Published: Dec. 03, 2024
    • Modified: Jul. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-49415

    Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : android android
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 2.4

    LOW
    CVE-2024-49414

    Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.... Read more

    Affected Products : android android
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 7.8

    HIGH
    CVE-2024-49413

    Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.... Read more

    Affected Products : android android
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 5.5

    MEDIUM
    CVE-2024-49412

    Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.... Read more

    Affected Products : android
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 4.6

    MEDIUM
    CVE-2024-49411

    Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.... Read more

    Affected Products : android android
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 7.8

    HIGH
    CVE-2024-49410

    Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.... Read more

    Affected Products : android android
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-10893

    The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : wp_booking_calendar
    • Published: Dec. 03, 2024
    • Modified: May. 17, 2025

  • 6.4

    MEDIUM
    CVE-2024-10484

    The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products : spectra
    • Published: Dec. 03, 2024
    • Modified: Feb. 07, 2025

  • 6.4

    MEDIUM
    CVE-2024-9694

    The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 7.1

    HIGH
    CVE-2024-45068

    Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 1... Read more

    Affected Products : ops_center_common_services
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 7.2

    HIGH
    CVE-2024-9200

    A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute opera... Read more

    • Published: Dec. 03, 2024
    • Modified: Jan. 21, 2025

  • 4.9

    MEDIUM
    CVE-2024-9197

    A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary den... Read more

    • Published: Dec. 03, 2024
    • Modified: Jan. 21, 2025

  • 7.5

    HIGH
    CVE-2024-8748

    A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web ma... Read more

    • Published: Dec. 03, 2024
    • Modified: Jan. 21, 2025

  • 5.5

    MEDIUM
    CVE-2018-9449

    In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for... Read more

    Affected Products : android
    • Published: Dec. 03, 2024
    • Modified: Dec. 18, 2024

  • 5.5

    MEDIUM
    CVE-2018-9441

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 03, 2024
    • Modified: Dec. 18, 2024

  • 8.8

    HIGH
    CVE-2024-53937

    An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute ar... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-53988

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53987

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025
Showing 20 of 291659 Results