Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-11992

    Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the s... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 4.6

    MEDIUM
    CVE-2024-11990

    A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-50357

    FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided e... Read more

    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 5.7

    MEDIUM
    CVE-2024-47094

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.... Read more

    Affected Products : checkmk checkmk
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024

  • 4.6

    MEDIUM
    CVE-2024-9044

    A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 7.2

    HIGH
    CVE-2024-11983

    Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 7.2

    HIGH
    CVE-2024-11982

    Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-11482

    A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.... Read more

    Affected Products : enterprise_security_manager
    • Published: Nov. 29, 2024
    • Modified: Mar. 18, 2025

  • 8.2

    HIGH
    CVE-2024-11481

    A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing in... Read more

    Affected Products : enterprise_security_manager
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-11014

    Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the manage... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Jul. 23, 2025

  • 7.2

    HIGH
    CVE-2024-11013

    Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Jul. 23, 2025

  • 7.5

    HIGH
    CVE-2024-11981

    Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 3.1

    LOW
    CVE-2024-53701

    Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-39162

    pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 8.6

    HIGH
    CVE-2024-11980

    Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-10980

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post w... Read more

    Affected Products : element_pack
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-10704

    The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : photo_gallery
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2024-48651

    In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.... Read more

    Affected Products : proftpd
    • Published: Nov. 29, 2024
    • Modified: Mar. 17, 2025

  • 4.3

    MEDIUM
    CVE-2024-45495

    MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 04, 2024

  • 4.8

    MEDIUM
    CVE-2024-35451

    LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.... Read more

    Affected Products : linkstack
    • Published: Nov. 29, 2024
    • Modified: Jul. 03, 2025
Showing 20 of 291615 Results