Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2024-49053

    Microsoft Dynamics 365 Sales Spoofing Vulnerability... Read more

    Affected Products : dynamics_365 dynamics_365_sales
    • Published: Nov. 26, 2024
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-49052

    Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_functions
    • Published: Nov. 26, 2024
    • Modified: Feb. 05, 2025

  • 9.6

    CRITICAL
    CVE-2024-49038

    Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.... Read more

    Affected Products : copilot_studio
    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-49035

    An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.... Read more

    Affected Products : partner_center
    • Actively Exploited
    • Published: Nov. 26, 2024
    • Modified: Feb. 27, 2025

  • 6.9

    MEDIUM
    CVE-2024-11743

    A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulat... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-11742

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument la... Read more

    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-11145

    Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-10240

    An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some infor... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 13, 2024

  • 9.0

    CRITICAL
    CVE-2019-17082

    Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login ... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Dec. 17, 2024

  • 7.5

    HIGH
    CVE-2024-8237

    A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 13, 2024

  • 7.5

    HIGH
    CVE-2024-8177

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 13, 2024

  • 8.8

    HIGH
    CVE-2024-8114

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 6.3

    MEDIUM
    CVE-2024-53844

    E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in `RestExportService.java`. This vulnerability allows an attac... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.8

    MEDIUM
    CVE-2024-53620

    A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.... Read more

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 03, 2025

  • 6.3

    MEDIUM
    CVE-2024-53619

    An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-53267

    sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. Th... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.0

    LOW
    CVE-2024-52008

    Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces passwo... Read more

    Affected Products : fides
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 8.1

    HIGH
    CVE-2024-32965

    Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive inf... Read more

    Affected Products : lobe_chat
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.5

    HIGH
    CVE-2024-11828

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted A... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-11669

    An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of to... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024
Showing 20 of 291401 Results