Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-32965

    Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive inf... Read more

    Affected Products : lobe_chat
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.5

    HIGH
    CVE-2024-11828

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted A... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-11669

    An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of to... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-11668

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming re... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 6.2

    MEDIUM
    CVE-2024-51058

    Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.... Read more

    Affected Products : tcpdf
    • Published: Nov. 26, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-10878

    The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This ... Read more

    Affected Products : sugar_calendar
    • Published: Nov. 26, 2024
    • Modified: Jul. 09, 2025

  • 8.8

    HIGH
    CVE-2024-53555

    A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-53365

    A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.... Read more

    Affected Products : vehicle_parking_management_system
    • Published: Nov. 26, 2024
    • Modified: Mar. 27, 2025

  • 7.5

    HIGH
    CVE-2024-11407

    There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be... Read more

    Affected Products : grpc
    • Published: Nov. 26, 2024
    • Modified: Jul. 23, 2025

  • 5.5

    MEDIUM
    CVE-2024-52337

    A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker coul... Read more

    • Published: Nov. 26, 2024
    • Modified: Feb. 25, 2025

  • 7.8

    HIGH
    CVE-2024-52336

    A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script... Read more

    Affected Products : enterprise_linux
    • Published: Nov. 26, 2024
    • Modified: Feb. 03, 2025

  • 6.5

    MEDIUM
    CVE-2024-36463

    The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.2

    LOW
    CVE-2024-22117

    When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the s... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-9929

    A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-9928

    A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipmen... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.2

    HIGH
    CVE-2024-9461

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation... Read more

    Affected Products : total_upkeep
    • Published: Nov. 26, 2024
    • Modified: May. 22, 2025

  • 6.4

    MEDIUM
    CVE-2024-8236

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization ... Read more

    Affected Products : website_builder
    • Published: Nov. 26, 2024
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-53976

    Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-53975

    Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-11708

    Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025
Showing 20 of 291384 Results