Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2024-20132

    In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue... Read more

    Affected Products : nr16 mt6879 mt6886 mt6895 mt6895t mt6896 mt6980 mt6980d mt6985 mt6989 +8 more products
    • Published: Dec. 02, 2024
    • Modified: Jun. 25, 2025

  • 6.7

    MEDIUM
    CVE-2024-20131

    In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issu... Read more

    Affected Products : nr16 nr17 mt6789 mt6813 mt6835 mt6855 mt6878 mt6879 mt6886 mt6895 +23 more products
    • Published: Dec. 02, 2024
    • Modified: Apr. 22, 2025

  • 6.7

    MEDIUM
    CVE-2024-20130

    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: M... Read more

    Affected Products : android mt6781 mt6789 mt6833 mt6835 mt6853 mt6855 mt6877 mt6878 mt6879 +20 more products
    • Published: Dec. 02, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-20129

    In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +37 more products
    • Published: Dec. 02, 2024
    • Modified: Mar. 13, 2025

  • 7.5

    HIGH
    CVE-2024-20128

    In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +37 more products
    • Published: Dec. 02, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-20127

    In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +37 more products
    • Published: Dec. 02, 2024
    • Modified: Apr. 22, 2025

  • 6.7

    MEDIUM
    CVE-2024-20125

    In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +35 more products
    • Published: Dec. 02, 2024
    • Modified: Apr. 22, 2025

  • 4.4

    MEDIUM
    CVE-2024-20116

    In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt8791t mt8797 mt6765 mt6768 mt8765 +9 more products
    • Published: Dec. 02, 2024
    • Modified: Apr. 22, 2025

  • 3.7

    LOW
    CVE-2024-11856

    A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 7.5

    HIGH
    CVE-2024-53605

    Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-12007

    A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : farmacia farmacia farmacia
    • Published: Dec. 01, 2024
    • Modified: Dec. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-53752

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows Stored XSS.This issue affects Stripe Donation: from n/a through 1.2.5.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 7.1

    HIGH
    CVE-2024-53750

    Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53749

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through 1.4.0.... Read more

    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53748

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53747

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NuttTaro Video Player for WPBakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53746

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53745

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 allows Stored XSS.This issue affects 소셜 공유 버튼 By 코스모스팜: from n/a through 1.9.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53744

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skybootstrap Elementor Image Gallery Plugin allows Stored XSS.This issue affects Elementor Image Gallery Plugin: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024

  • 6.5

    MEDIUM
    CVE-2024-53743

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Countdown Timer for Elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through 1.3.6.... Read more

    Affected Products : countdown_timer_for_elementor
    • Published: Dec. 01, 2024
    • Modified: Dec. 01, 2024
Showing 20 of 291638 Results