Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-11997

    A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the...

    Affected Products : farmacia farmacia farmacia
    • Published: Nov. 30, 2024
    • Modified: Dec. 04, 2024
  • 5.4

    MEDIUM
    CVE-2024-11996

    A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The atta...

    Affected Products : farmacia farmacia farmacia
    • Published: Nov. 30, 2024
    • Modified: Dec. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-11252

    The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output esc...

    Affected Products : sassy_social_share
    • Published: Nov. 30, 2024
    • Modified: Jul. 09, 2025
  • 8.1

    HIGH
    CVE-2024-43703

    Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW....

    Affected Products : ddk
    • Published: Nov. 30, 2024
    • Modified: Dec. 01, 2024
  • 8.1

    HIGH
    CVE-2024-43702

    Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page....

    Affected Products : ddk
    • Published: Nov. 30, 2024
    • Modified: Dec. 01, 2024
  • 7.5

    HIGH
    CVE-2024-53623

    Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information....

    Affected Products : archer_c7_firmware
    • Published: Nov. 29, 2024
    • Modified: Dec. 02, 2024
  • 4.1

    MEDIUM
    CVE-2024-54159

    stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack....

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024
  • 6.1

    MEDIUM
    CVE-2024-11995

    A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The at...

    Affected Products : farmacia farmacia farmacia
    • Published: Nov. 29, 2024
    • Modified: Dec. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-53507

    A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems....

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025
  • 9.8

    CRITICAL
    CVE-2024-53506

    A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs....

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025
  • 9.8

    CRITICAL
    CVE-2024-53505

    A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent....

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025
  • 9.8

    CRITICAL
    CVE-2024-53504

    A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory....

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025
  • 7.5

    HIGH
    CVE-2024-36612

    Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers....

    Affected Products : zulip zulip_server
    • Published: Nov. 29, 2024
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2024-35371

    Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or ot...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-35368

    FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c....

    Affected Products : ffmpeg
    • Published: Nov. 29, 2024
    • Modified: Jun. 03, 2025
  • 9.1

    CRITICAL
    CVE-2024-35367

    FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer...

    Affected Products : ffmpeg
    • Published: Nov. 29, 2024
    • Modified: Jun. 03, 2025
  • 9.1

    CRITICAL
    CVE-2024-35366

    FFmpeg n6.1.1 is affected by an Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration value...

    Affected Products : ffmpeg
    • Published: Nov. 29, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-53983

    The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git co...

    Affected Products : backstage backstage
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 6.9

    MEDIUM
    CVE-2024-53980

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send an IEEE 802.15.4 packet with spoofed length byte and optionally spoofed F...

    Affected Products : riot
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 8.2

    HIGH
    CVE-2024-53979

    ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible modules in the following cases: 1. The 'boot_...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
Showing 20 of 291672 Results