Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-7488

    Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1....

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024
  • 0.0

    NA
    CVE-2024-53125

    In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST...

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 19, 2024
  • 8.8

    HIGH
    CVE-2024-51465

    IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request....

    • Published: Dec. 04, 2024
    • Modified: Aug. 14, 2025
  • 6.5

    MEDIUM
    CVE-2024-12138

    A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to d...

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-11935

    The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for au...

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-8962

    The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possi...

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 8.1

    HIGH
    CVE-2024-8894

    Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause...

    Affected Products : comos
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 5.3

    MEDIUM
    CVE-2024-54158

    In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding...

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-54157

    In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-54156

    In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack...

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-54155

    In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication...

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2024-54154

    In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox...

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 31, 2025
  • 6.5

    MEDIUM
    CVE-2024-54153

    In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter...

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 31, 2025
  • 8.2

    HIGH
    CVE-2024-52269

    User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue...

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Jan. 06, 2025
  • 6.4

    MEDIUM
    CVE-2024-11854

    The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitizatio...

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 9.4

    CRITICAL
    CVE-2024-10576

    Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissi...

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 8.2

    HIGH
    CVE-2024-52277

    User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): W...

    Affected Products : docuseal
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024
  • 8.2

    HIGH
    CVE-2024-52276

    User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does n...

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Jan. 06, 2025
  • 9.8

    CRITICAL
    CVE-2024-52275

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50....

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-52274

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50...

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025
Showing 20 of 291812 Results