Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-54108

    Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-54107

    Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-54106

    Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-54105

    Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-54104

    Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-54103

    Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 6.1

    MEDIUM
    CVE-2024-54102

    Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 14, 2025

  • 6.2

    MEDIUM
    CVE-2024-54101

    Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 17, 2025

  • 7.5

    HIGH
    CVE-2024-54100

    Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 14, 2025

  • 7.1

    HIGH
    CVE-2024-54099

    File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 10, 2025

  • 8.5

    HIGH
    CVE-2024-54098

    Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 10, 2025

  • 7.5

    HIGH
    CVE-2024-54097

    Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 10, 2025

  • 5.5

    MEDIUM
    CVE-2024-54096

    Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 12, 2024
    • Modified: Jan. 10, 2025

  • 6.7

    MEDIUM
    CVE-2024-12570

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab s... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 4.0

    MEDIUM
    CVE-2024-12292

    An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained i... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 8.7

    HIGH
    CVE-2024-11274

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfilt... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 3.1

    LOW
    CVE-2024-10043

    An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title thr... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-21574

    The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 4.4

    MEDIUM
    CVE-2024-12401

    A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denia... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 7.4

    HIGH
    CVE-2024-12397

    A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293333 Results