Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-12196

    Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 5.0

    MEDIUM
    CVE-2024-12151

    Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 8.1

    HIGH
    CVE-2024-12149

    Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requ... Read more

    Affected Products : remote_desktop_manager
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2024-12148

    Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 7.1

    HIGH
    CVE-2024-12147

    A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument C... Read more

    Affected Products : r6900_firmware
    • Published: Dec. 04, 2024
    • Modified: Jan. 14, 2025

  • 7.8

    HIGH
    CVE-2018-9395

    In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of pri... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9394

    In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9393

    In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction i... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2018-9392

    In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges neede... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-52676

    Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php.... Read more

    • Published: Dec. 04, 2024
    • Modified: Apr. 17, 2025

  • 8.8

    HIGH
    CVE-2024-39163

    binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 5.2

    MEDIUM
    CVE-2024-20397

    A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification... Read more

    Affected Products : nx-os unified_computing_system
    • Published: Dec. 04, 2024
    • Modified: Feb. 05, 2025

  • 8.3

    HIGH
    CVE-2024-54134

    A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key mate... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.3

    MEDIUM
    CVE-2024-54132

    The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh ru... Read more

    Affected Products : cli
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-54002

    Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes signifi... Read more

    Affected Products : dependency-track
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-53614

    A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 7.5

    HIGH
    CVE-2024-37575

    The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dia... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 8.2

    HIGH
    CVE-2024-37574

    The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 12, 2024

  • 8.8

    HIGH
    CVE-2024-11643

    The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and inc... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-53140

    In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping p... Read more

    Affected Products : linux_kernel
    • Published: Dec. 04, 2024
    • Modified: Dec. 14, 2024
Showing 20 of 291969 Results