Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-12294

    The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sen...

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 7.1

    HIGH
    CVE-2024-11840

    The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucs...

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 5.3

    MEDIUM
    CVE-2024-11008

    The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attacker...

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 4.3

    MEDIUM
    CVE-2024-54269

    Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notibar: from n/a through 2.1.4....

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 7.1

    HIGH
    CVE-2024-12363

    Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management....

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-11737

    CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device....

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 5.3

    MEDIUM
    CVE-2024-11401

    Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard u...

    Affected Products : insight_platform
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 6.1

    MEDIUM
    CVE-2024-12283

    The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att...

    Affected Products : wp_pipes
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 6.1

    MEDIUM
    CVE-2024-12004

    The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note() function. This makes it ...

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 6.3

    MEDIUM
    CVE-2024-10511

    CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL....

    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 7.2

    HIGH
    CVE-2024-53292

    Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The ...

    • Published: Dec. 11, 2024
    • Modified: Feb. 04, 2025
  • 8.4

    HIGH
    CVE-2024-53290

    Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command executio...

    Affected Products : thinos
    • Published: Dec. 11, 2024
    • Modified: Feb. 04, 2025
  • 7.8

    HIGH
    CVE-2024-53289

    Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges....

    Affected Products : thinos
    • Published: Dec. 11, 2024
    • Modified: Feb. 04, 2025
  • 6.7

    MEDIUM
    CVE-2024-52537

    Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges....

    • Published: Dec. 11, 2024
    • Modified: Feb. 04, 2025
  • 3.4

    LOW
    CVE-2024-11053

    When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry ...

    • Published: Dec. 11, 2024
    • Modified: Jul. 30, 2025
  • 3.3

    LOW
    CVE-2023-37395

    IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data....

    Affected Products : aspera_faspex
    • Published: Dec. 11, 2024
    • Modified: Jan. 07, 2025
  • 4.4

    MEDIUM
    CVE-2024-35117

    IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user....

    Affected Products : openpages_with_watson
    • Published: Dec. 11, 2024
    • Modified: Dec. 11, 2024
  • 2.7

    LOW
    CVE-2024-55655

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verifi...

    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
  • 6.5

    MEDIUM
    CVE-2024-55653

    PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id...

    Affected Products : pwndoc
    • Published: Dec. 10, 2024
    • Modified: Apr. 18, 2025
  • 2.3

    LOW
    CVE-2024-54133

    Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, ...

    Affected Products : rails
    • Published: Dec. 10, 2024
    • Modified: Mar. 07, 2025