Latest CVE Feed
- CVE-2024-53992 | CVSS 8.8 | HIGH
  unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted arch...
  Affected Products: (none listed) | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-53364 | CVSS 5.4 | MEDIUM
  A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries....
  Affected Products: vehicle_parking_management_system | Published: Dec. 02, 2024 | Modified: Apr. 07, 2025
- CVE-2024-53259 | CVSS 6.5 | MEDIUM
  quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when q...
  Affected Products: quic-go | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-52806 | CVSS 8.3 | HIGH
  SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18....
  Affected Products: saml2 | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-52596 | CVSS 8.8 | HIGH
  SimpleSAMLphp xml-common is a set of common classes for handling XML structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0....
  Affected Products: (none listed) | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-50381 | CVSS 8.8 | HIGH
  A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it fro...
  Affected Products: orvc | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-50380 | CVSS 8.7 | HIGH
  Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device....
  Affected Products: orvc | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-49763 | CVSS 8.7 | HIGH
  PlexRipper is a cross-platform media downloader for Plex. PlexRipper's open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker's domain. This allows an attacking website to access the /api...
  Affected Products: (none listed) | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-53984 | CVSS 4.3 | MEDIUM
  Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, a custom stream callback is used with unknown stream length, and the ...
  Affected Products: nanopb | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-53981 | CVSS 7.5 | HIGH
  python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens one byte at a time and emit...
  Affected Products: (none listed) | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-53862 | CVSS 6.3 | MEDIUM
  Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/work...
  Affected Products: argo_workflows | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-53459 | CVSS 5.4 | MEDIUM
  Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter....
  Affected Products: multi_server | Published: Dec. 02, 2024 | Modified: Dec. 02, 2024
- CVE-2024-8785 | CVSS 9.8 | CRITICAL
  In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\....
  Affected Products: whatsup_gold | Published: Dec. 02, 2024 | Modified: Dec. 09, 2024
- CVE-2024-52732 | CVSS 9.1 | CRITICAL
  Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused....
  Affected Products: (none listed) | Published: Dec. 02, 2024 | Modified: Dec. 03, 2024
- CVE-2024-46909 | CVSS 9.8 | CRITICAL
  In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account....
  Affected Products: whatsup_gold | Published: Dec. 02, 2024 | Modified: Dec. 10, 2024
- CVE-2024-46908 | CVSS 8.8 | HIGH
  In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account....
  Affected Products: whatsup_gold | Published: Dec. 02, 2024 | Modified: Dec. 10, 2024
- CVE-2024-46907 | CVSS 8.8 | HIGH
  In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account....
  Affected Products: whatsup_gold | Published: Dec. 02, 2024 | Modified: Dec. 10, 2024
- CVE-2024-46906 | CVSS 8.8 | HIGH
  In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account....
  Affected Products: whatsup_gold | Published: Dec. 02, 2024 | Modified: Dec. 06, 2024
- CVE-2024-46905 | CVSS 8.8 | HIGH
  In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account....
  Affected Products: whatsup_gold | Published: Dec. 02, 2024 | Modified: Dec. 03, 2024
- CVE-2024-38827 | CVSS 4.8 | MEDIUM
  The usage of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in authorization rules not working properly....
  Affected Products: (none listed) | Published: Dec. 02, 2024 | Modified: Jan. 24, 2025