Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-11013

    Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows an attacker to inject arbitrary CLI commands to be ...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Jul. 23, 2025
  • 7.5

    HIGH
    CVE-2024-11981

    Certain models of routers from Billion Electric have an Authentication Bypass vulnerability, allowing unauthenticated attackers to retrieve contents of arbitrary web pages....

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 3.1

    LOW
    CVE-2024-53701

    Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 6.1

    MEDIUM
    CVE-2024-39162

    pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 8.6

    HIGH
    CVE-2024-11980

    Certain models of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-10980

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post w...

    Affected Products : element_pack
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025
  • 4.8

    MEDIUM
    CVE-2024-10704

    The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d...

    Affected Products : photo_gallery
    • Published: Nov. 29, 2024
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2024-48651

    In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql....

    Affected Products : proftpd
    • Published: Nov. 29, 2024
    • Modified: Mar. 17, 2025
  • 4.3

    MEDIUM
    CVE-2024-45495

    MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking....

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 04, 2024
  • 4.8

    MEDIUM
    CVE-2024-35451

    LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF....

    Affected Products : linkstack
    • Published: Nov. 29, 2024
    • Modified: Jul. 03, 2025
  • 8.8

    HIGH
    CVE-2024-54124

    In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen....

    Affected Products : passwordstate
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 6.1

    MEDIUM
    CVE-2024-54123

    Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format....

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-11979

    DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading websh...

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 7.5

    HIGH
    CVE-2024-11978

    DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files....

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • 7.8

    HIGH
    CVE-2024-9852

    Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute malicious code by storing a spe...

    Affected Products : genesis64 mc_works64
    • Published: Nov. 28, 2024
    • Modified: Dec. 06, 2024
  • 7.0

    HIGH
    CVE-2024-8300

    Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious cod...

    Affected Products : genesis64
    • Published: Nov. 28, 2024
    • Modified: Dec. 06, 2024
  • 7.8

    HIGH
    CVE-2024-8299

    Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute malicious code by storing a spe...

    Affected Products : genesis64 mc_works64
    • Published: Nov. 28, 2024
    • Modified: Dec. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-11971

    A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argum...

    Affected Products : jpress
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024
  • 9.8

    CRITICAL
    CVE-2024-11970

    A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to SQL injection. It is possible to launch th...

    Affected Products : concert_ticket_ordering_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 02, 2024
  • 7.5

    HIGH
    CVE-2024-11968

    A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to SQL injection. The ...

    Affected Products : farmacia
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024
Showing 20 of 291625 Results