Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-25036

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 5.3

    MEDIUM
    CVE-2024-25035

    IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-25019

    IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system ... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 5.9

    MEDIUM
    CVE-2021-29892

    IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information us... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 7.5

    HIGH
    CVE-2024-54000

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow... Read more

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025

  • 8.1

    HIGH
    CVE-2024-53999

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a m... Read more

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025

  • 4.9

    MEDIUM
    CVE-2024-53257

    Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring p... Read more

    Affected Products : vitess
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 7.5

    HIGH
    CVE-2024-11391

    The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attack... Read more

    Affected Products : advanced_file_manager
    • Published: Dec. 03, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-11200

    The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for una... Read more

    Affected Products : goodlayers_core
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-9978

    in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.... Read more

    Affected Products : openharmony
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 8.3

    HIGH
    CVE-2024-42422

    Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : networker
    • Published: Dec. 03, 2024
    • Modified: Feb. 03, 2025

  • 5.5

    MEDIUM
    CVE-2024-12082

    in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.... Read more

    Affected Products : openharmony
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 8.8

    HIGH
    CVE-2024-10074

    in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.... Read more

    Affected Products : openharmony
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-11326

    The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for un... Read more

    Affected Products : campaign_monitor_optin_cat
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-47476

    Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.... Read more

    Affected Products : networker_management_console
    • Published: Dec. 03, 2024
    • Modified: Feb. 03, 2025

  • 8.1

    HIGH
    CVE-2024-45106

    Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to tr... Read more

    Affected Products : ozone
    • Published: Dec. 03, 2024
    • Modified: Jul. 01, 2025

  • 4.3

    MEDIUM
    CVE-2024-12062

    The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This m... Read more

    Affected Products : charity_addon_for_elementor
    • Published: Dec. 03, 2024
    • Modified: Mar. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-11782

    The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products : wp_mailster
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 5.2

    MEDIUM
    CVE-2024-11325

    The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-11866

    The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attr... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
Showing 20 of 291712 Results