Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-45205

    An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected ... Read more

    Affected Products : unifi
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.7

    HIGH
    CVE-2024-45204

    A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting syste... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.7

    HIGH
    CVE-2024-42457

    A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credent... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-42456

    A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specif... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-42455

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-42453

    A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-42452

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server w... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.7

    HIGH
    CVE-2024-42451

    A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup ... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 7.1

    HIGH
    CVE-2024-42449

    From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Mar. 13, 2025

  • 8.8

    HIGH
    CVE-2024-40717

    A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network sh... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 24, 2025

  • 4.4

    MEDIUM
    CVE-2024-11985

    An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information.... Read more

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.1

    MEDIUM
    CVE-2024-11479

    A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 8.8

    HIGH
    CVE-2024-46624

    An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 04, 2024

  • 3.8

    LOW
    CVE-2024-53502

    Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.... Read more

    Affected Products : semcms
    • Published: Dec. 03, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-51363

    Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 8.8

    HIGH
    CVE-2024-46625

    An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 7.3

    HIGH
    CVE-2024-54131

    The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was in... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 6.3

    MEDIUM
    CVE-2024-53672

    A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileg... Read more

    Affected Products : clearpass_policy_manager
    • Published: Dec. 03, 2024
    • Modified: Apr. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-51773

    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Dec. 03, 2024
    • Modified: Apr. 07, 2025

  • 8.0

    HIGH
    CVE-2024-51772

    An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary comm... Read more

    Affected Products : clearpass_policy_manager
    • Published: Dec. 03, 2024
    • Modified: Apr. 07, 2025
Showing 20 of 291737 Results