Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-8177

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 13, 2024

  • 8.8

    HIGH
    CVE-2024-8114

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 6.3

    MEDIUM
    CVE-2024-53844

    E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in `RestExportService.java`. This vulnerability allows an attac... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 4.8

    MEDIUM
    CVE-2024-53620

    A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.... Read more

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 03, 2025

  • 6.3

    MEDIUM
    CVE-2024-53619

    An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : spip
    • Published: Nov. 26, 2024
    • Modified: Jul. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-53267

    sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. Th... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.0

    LOW
    CVE-2024-52008

    Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces passwo... Read more

    Affected Products : fides
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 8.1

    HIGH
    CVE-2024-32965

    Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive inf... Read more

    Affected Products : lobe_chat
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 7.5

    HIGH
    CVE-2024-11828

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted A... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 7.5

    HIGH
    CVE-2024-11669

    An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of to... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-11668

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming re... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 6.2

    MEDIUM
    CVE-2024-51058

    Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.... Read more

    Affected Products : tcpdf
    • Published: Nov. 26, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-10878

    The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This ... Read more

    Affected Products : sugar_calendar
    • Published: Nov. 26, 2024
    • Modified: Jul. 09, 2025

  • 8.8

    HIGH
    CVE-2024-53555

    A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-53365

    A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.... Read more

    Affected Products : vehicle_parking_management_system
    • Published: Nov. 26, 2024
    • Modified: Mar. 27, 2025

  • 7.5

    HIGH
    CVE-2024-11407

    There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be... Read more

    Affected Products : grpc
    • Published: Nov. 26, 2024
    • Modified: Jul. 23, 2025

  • 5.5

    MEDIUM
    CVE-2024-52337

    A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker coul... Read more

    • Published: Nov. 26, 2024
    • Modified: Feb. 25, 2025

  • 7.8

    HIGH
    CVE-2024-52336

    A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script... Read more

    Affected Products : enterprise_linux
    • Published: Nov. 26, 2024
    • Modified: Feb. 03, 2025

  • 6.5

    MEDIUM
    CVE-2024-36463

    The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.2

    LOW
    CVE-2024-22117

    When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the s... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024
Showing 20 of 291531 Results