Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-52337

    A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker coul... Read more

    • Published: Nov. 26, 2024
    • Modified: Feb. 25, 2025

  • 7.8

    HIGH
    CVE-2024-52336

    A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script... Read more

    Affected Products : enterprise_linux
    • Published: Nov. 26, 2024
    • Modified: Feb. 03, 2025

  • 6.5

    MEDIUM
    CVE-2024-36463

    The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.2

    LOW
    CVE-2024-22117

    When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the s... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-9929

    A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-9928

    A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipmen... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.2

    HIGH
    CVE-2024-9461

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation... Read more

    Affected Products : total_upkeep
    • Published: Nov. 26, 2024
    • Modified: May. 22, 2025

  • 6.4

    MEDIUM
    CVE-2024-8236

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization ... Read more

    Affected Products : website_builder
    • Published: Nov. 26, 2024
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-53976

    Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-53975

    Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-11708

    Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-11706

    A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 1... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 07, 2025

  • 9.1

    CRITICAL
    CVE-2024-11705

    `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` t... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-11704

    A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 07, 2025

  • 5.7

    MEDIUM
    CVE-2024-11703

    On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 05, 2025

  • 7.5

    HIGH
    CVE-2024-11702

    Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-11701

    The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 05, 2025

  • 8.1

    HIGH
    CVE-2024-11700

    Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerabili... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 03, 2025

  • 8.8

    HIGH
    CVE-2024-11699

    Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Nov. 26, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-11698

    A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025
Showing 20 of 291395 Results