Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-53981

    python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emit... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 6.3

    MEDIUM
    CVE-2024-53862

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/work... Read more

    Affected Products : argo_workflows
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 5.4

    MEDIUM
    CVE-2024-53459

    Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter.... Read more

    Affected Products : multi_server
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-8785

    In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 09, 2024

  • 9.1

    CRITICAL
    CVE-2024-52732

    Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-46909

    In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024

  • 8.8

    HIGH
    CVE-2024-46908

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024

  • 8.8

    HIGH
    CVE-2024-46907

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024

  • 8.8

    HIGH
    CVE-2024-46906

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 06, 2024

  • 8.8

    HIGH
    CVE-2024-46905

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024

  • 4.8

    MEDIUM
    CVE-2024-38827

    The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Jan. 24, 2025

  • 7.5

    HIGH
    CVE-2024-31669

    rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.... Read more

    Affected Products : rizin
    • Published: Dec. 02, 2024
    • Modified: Jul. 02, 2025

  • 7.8

    HIGH
    CVE-2024-29645

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.... Read more

    Affected Products : radare2
    • Published: Dec. 02, 2024
    • Modified: Jul. 01, 2025

  • 10.0

    CRITICAL
    CVE-2024-10905

    IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ appl... Read more

    Affected Products : identityiq
    • Published: Dec. 02, 2024
    • Modified: Dec. 06, 2024

  • 8.2

    HIGH
    CVE-2024-53793

    Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 8.8

    HIGH
    CVE-2024-53792

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2.... Read more

    Affected Products : watu_quiz
    • Published: Dec. 02, 2024
    • Modified: Jul. 17, 2025

  • 7.1

    HIGH
    CVE-2024-53789

    Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 4.3

    MEDIUM
    CVE-2024-53784

    Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9.... Read more

    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 7.1

    HIGH
    CVE-2024-53782

    Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 7.1

    HIGH
    CVE-2024-53781

    Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
Showing 20 of 291638 Results