Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-52959

    A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 9.3

    CRITICAL
    CVE-2024-52958

    A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 7.5

    HIGH
    CVE-2024-11219

    The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : otter_blocks
    • Published: Nov. 27, 2024
    • Modified: Jul. 14, 2025

  • 5.3

    MEDIUM
    CVE-2024-11083

    The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from ... Read more

    Affected Products : profilepress
    • Published: Nov. 27, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2024-5921

    An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Nov. 27, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-53676

    A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 27, 2024
    • Modified: Mar. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-11820

    A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The ... Read more

    Affected Products : crud_operation_system
    • Published: Nov. 27, 2024
    • Modified: Dec. 03, 2024

  • 4.8

    MEDIUM
    CVE-2024-53849

    editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added... Read more

    Affected Products : editorconfig
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-11819

    A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to sql injection. The ... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 27, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-11818

    A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possib... Read more

    • Published: Nov. 27, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-11817

    A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username l... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 03, 2024

  • 7.5

    HIGH
    CVE-2024-53675

    An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-53674

    An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-53673

    A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-11622

    An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-50942

    qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 5.7

    MEDIUM
    CVE-2024-43784

    lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username a... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-11745

    A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The... Read more

    Affected Products : ac8_firmware ac8
    • Published: Nov. 26, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-11744

    A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql inject... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 26, 2024
    • Modified: Dec. 03, 2024

  • 7.4

    HIGH
    CVE-2024-8676

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod reques... Read more

    Affected Products : openshift_container_platform
    • Published: Nov. 26, 2024
    • Modified: Jul. 02, 2025
Showing 20 of 291401 Results