Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-49551

    Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos media_encoder windows
    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024

  • 6.3

    MEDIUM
    CVE-2024-49535

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input ... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 23, 2025

  • 5.5

    MEDIUM
    CVE-2024-49534

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t... Read more

    • Published: Dec. 10, 2024
    • Modified: Feb. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-49533

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t... Read more

    • Published: Dec. 10, 2024
    • Modified: Feb. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-49532

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t... Read more

    • Published: Dec. 10, 2024
    • Modified: Feb. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-49531

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnera... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 21, 2025

  • 7.8

    HIGH
    CVE-2024-49530

    Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this ... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 21, 2025

  • 8.0

    HIGH
    CVE-2024-46341

    TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-46340

    TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-9844

    Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.... Read more

    Affected Products : connect_secure
    • Published: Dec. 10, 2024
    • Modified: Jan. 17, 2025

  • 8.8

    HIGH
    CVE-2024-8540

    Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.... Read more

    Affected Products : standalone_sentry
    • Published: Dec. 10, 2024
    • Modified: Jul. 30, 2025

  • 7.1

    HIGH
    CVE-2024-7572

    Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.... Read more

    Affected Products : desktop_\&_server_management
    • Published: Dec. 10, 2024
    • Modified: Jul. 11, 2025

  • 4.4

    MEDIUM
    CVE-2024-55550

    Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources ... Read more

    Affected Products : micollab
    • Actively Exploited
    • Published: Dec. 10, 2024
    • Modified: Jan. 08, 2025

  • 8.8

    HIGH
    CVE-2024-55500

    Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024

  • 7.2

    HIGH
    CVE-2024-54008

    An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024

  • 4.6

    MEDIUM
    CVE-2024-50931

    Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions.... Read more

    • Published: Dec. 10, 2024
    • Modified: Jul. 01, 2025

  • 8.8

    HIGH
    CVE-2024-50930

    An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.... Read more

    • Published: Dec. 10, 2024
    • Modified: Jul. 01, 2025

  • 6.2

    MEDIUM
    CVE-2024-50929

    Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).... Read more

    • Published: Dec. 10, 2024
    • Modified: Jul. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-50928

    Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.... Read more

    • Published: Dec. 10, 2024
    • Modified: Jul. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-50924

    Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.... Read more

    • Published: Dec. 10, 2024
    • Modified: Jul. 01, 2025
Showing 20 of 292764 Results