Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-10451

    A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-10270

    A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-6538

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed ... Read more

    Affected Products : openshift_container_platform
    • Published: Nov. 25, 2024
    • Modified: Jun. 13, 2025

  • 5.4

    MEDIUM
    CVE-2024-11660

    A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attac... Read more

    Affected Products : farmacia farmacia farmacia
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024

  • 7.2

    HIGH
    CVE-2024-11659

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_iperf. The manipulation of the argument iperf leads t... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 4.8

    MEDIUM
    CVE-2024-7056

    The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : wpforms
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-6393

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltere... Read more

    Affected Products : nextgen_gallery
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025

  • 7.2

    HIGH
    CVE-2024-11658

    A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajax_getChannelList. The manipulation of the ar... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 7.2

    HIGH
    CVE-2024-11657

    A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to ... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 3.5

    LOW
    CVE-2024-10710

    The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025

  • 6.8

    MEDIUM
    CVE-2024-10709

    The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S... Read more

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025

  • 7.2

    HIGH
    CVE-2024-11656

    A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This issue affects some unknown processing of the file /admin/network/diag_ping6. The manipulation of the argument diag_ping6... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 7.2

    HIGH
    CVE-2024-11655

    A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diag_pinginterface. The manipulation of the argument diag_ping leads to com... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 7.2

    HIGH
    CVE-2024-11654

    A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This affects an unknown part of the file /admin/network/diag_traceroute6. The manipulation of the argument diag_traceroute6 leads to comm... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 7.2

    HIGH
    CVE-2024-11653

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_traceroute. The manipulation of the argument diag... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 5.0

    MEDIUM
    CVE-2024-11483

    A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Dec. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-53930

    WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 26, 2024

  • 7.2

    HIGH
    CVE-2024-11652

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 7.2

    HIGH
    CVE-2024-11651

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been classified as critical. Affected is an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5... Read more

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025

  • 7.5

    HIGH
    CVE-2024-11650

    A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploi... Read more

    Affected Products : i9_firmware
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
Showing 20 of 291384 Results