Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-45757

    An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2024-51771

    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitr... Read more

    Affected Products : clearpass_policy_manager
    • Published: Dec. 03, 2024
    • Modified: Apr. 07, 2025

  • 8.8

    HIGH
    CVE-2024-51114

    An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 05, 2024

  • 2.8

    LOW
    CVE-2024-53921

    An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.... Read more

    Affected Products : windows magician
    • Published: Dec. 03, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-50948

    An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 04, 2024

  • 7.5

    HIGH
    CVE-2024-48080

    An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. NOTE: the Supplier indicates that exploitation cannot occur because of the protection mechanism in the validateTopic function in lib/utils.js.... Read more

    Affected Products : aedes
    • Published: Dec. 03, 2024
    • Modified: Feb. 21, 2025

  • 8.8

    HIGH
    CVE-2024-12053

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Dec. 03, 2024
    • Modified: Jan. 02, 2025

  • 6.7

    MEDIUM
    CVE-2024-52548

    An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 7.2

    HIGH
    CVE-2024-52547

    An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 5.3

    MEDIUM
    CVE-2024-52546

    An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 6.5

    MEDIUM
    CVE-2024-52545

    An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-52544

    An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 4.3

    MEDIUM
    CVE-2024-45676

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 7.5

    HIGH
    CVE-2024-41777

    IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-41776

    IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 7.5

    HIGH
    CVE-2024-41775

    IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-25020

    IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the sy... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 4.3

    MEDIUM
    CVE-2024-53867

    Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability ... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 9.1

    CRITICAL
    CVE-2024-53863

    Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially in... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.7

    HIGH
    CVE-2024-52815

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 291717 Results