Latest CVE Feed
- 5.7 MEDIUM CVE-2024-53244
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 4.3 MEDIUM CVE-2024-53243
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could see ale...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 9.8 CRITICAL CVE-2024-12286
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 8.5 HIGH CVE-2024-55602
PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to rea...
Affected Products: pwndoc
- Published: Dec. 10, 2024
- Modified: Apr. 18, 2025
- 6.9 MEDIUM CVE-2024-55548
Improper check of password character length in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 9.3 CRITICAL CVE-2024-55547
SNMP objects in NET-SNMP used in ORing IAP-420 allow Command Injection. This issue affects IAP-420: through 2.01e.
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 7.1 HIGH CVE-2024-55546
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 7.1 HIGH CVE-2024-55545
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 5.5 MEDIUM CVE-2024-46657
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Affected Products: mupdf
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
- 9.8 CRITICAL CVE-2024-45494
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe sh...
- Published: Dec. 10, 2024
- Modified: Dec. 17, 2024
- 9.8 CRITICAL CVE-2024-45493
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for th...
- Published: Dec. 10, 2024
- Modified: Dec. 17, 2024
- 8.7 HIGH CVE-2024-55544
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 9.3 CRITICAL CVE-2024-54152
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (u...
Affected Products: angular-expressions
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 8.4 HIGH CVE-2024-10496
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI...
Affected Products: labview
- Published: Dec. 10, 2024
- Modified: Mar. 04, 2025
- 8.4 HIGH CVE-2024-10495
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a speciall...
Affected Products: labview
- Published: Dec. 10, 2024
- Modified: Mar. 04, 2025
- 8.4 HIGH CVE-2024-10494
An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This v...
Affected Products: labview
- Published: Dec. 10, 2024
- Modified: Mar. 04, 2025
- 9.8 CRITICAL CVE-2024-54751
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
- Published: Dec. 10, 2024
- Modified: Dec. 11, 2024
- 6.1 MEDIUM CVE-2024-12323
The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at...
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
- 6.8 MEDIUM CVE-2024-12236
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended s...
Affected Products: vertex_gemini_api
- Published: Dec. 10, 2024
- Modified: Jul. 23, 2025
- 9.8 CRITICAL CVE-2024-5660
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Ne...
- Published: Dec. 10, 2024
- Modified: Dec. 16, 2024