Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-12180

    A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remo... Read more

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 7.8

    HIGH
    CVE-2018-9396

    In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User int... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-54675

    app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-54674

    app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 5.3

    MEDIUM
    CVE-2024-51210

    Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional b... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 7.5

    HIGH
    CVE-2024-50947

    An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 8.8

    HIGH
    CVE-2024-39219

    An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 3.7

    LOW
    CVE-2024-38829

    A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. Th... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-48453

    An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-12196

    Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 5.0

    MEDIUM
    CVE-2024-12151

    Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 8.1

    HIGH
    CVE-2024-12149

    Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requ... Read more

    Affected Products : remote_desktop_manager
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-12148

    Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 7.1

    HIGH
    CVE-2024-12147

    A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument C... Read more

    Affected Products : r6900_firmware
    • Published: Dec. 04, 2024
    • Modified: Jan. 14, 2025

  • 7.8

    HIGH
    CVE-2018-9395

    In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of pri... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9394

    In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9393

    In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction i... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9392

    In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges neede... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-52676

    Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php.... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 17, 2025

  • 8.8

    HIGH
    CVE-2024-39163

    binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024
Showing 20 of 291898 Results