Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-50381

    A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it fro...

    Affected Products : orvc
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 8.7

    HIGH
    CVE-2024-50380

    Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device....

    Affected Products : orvc
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 8.7

    HIGH
    CVE-2024-49763

    PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api...

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 4.3

    MEDIUM
    CVE-2024-53984

    Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length, and the ...

    Affected Products : nanopb
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 7.5

    HIGH
    CVE-2024-53981

    python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens one byte at a time and emit...

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 6.3

    MEDIUM
    CVE-2024-53862

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/work...

    Affected Products : argo_workflows
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 5.4

    MEDIUM
    CVE-2024-53459

    Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter....

    Affected Products : multi_server
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-8785

    In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\....

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 09, 2024
  • 9.1

    CRITICAL
    CVE-2024-52732

    Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused....

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024
  • 9.8

    CRITICAL
    CVE-2024-46909

    In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account....

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024
  • 8.8

    HIGH
    CVE-2024-46908

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account....

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024
  • 8.8

    HIGH
    CVE-2024-46907

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account....

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024
  • 8.8

    HIGH
    CVE-2024-46906

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account....

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 06, 2024
  • 8.8

    HIGH
    CVE-2024-46905

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account....

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 03, 2024
  • 4.8

    MEDIUM
    CVE-2024-38827

    The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly....

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Jan. 24, 2025
  • 7.5

    HIGH
    CVE-2024-31669

    rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide....

    Affected Products : rizin
    • Published: Dec. 02, 2024
    • Modified: Jul. 02, 2025
  • 7.8

    HIGH
    CVE-2024-29645

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function....

    Affected Products : radare2
    • Published: Dec. 02, 2024
    • Modified: Jul. 01, 2025
  • 10.0

    CRITICAL
    CVE-2024-10905

    IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ appl...

    Affected Products : identityiq
    • Published: Dec. 02, 2024
    • Modified: Dec. 06, 2024
  • 8.2

    HIGH
    CVE-2024-53793

    Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection. This issue affects eDoc Easy Tables: from n/a through 1.29....

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024
  • 8.8

    HIGH
    CVE-2024-53792

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.2....

    Affected Products : watu_quiz
    • Published: Dec. 02, 2024
    • Modified: Jul. 17, 2025