Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 1.0

    LOW
    CVE-2020-12492

    Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information....

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 4.8

    MEDIUM
    CVE-2020-12491

    Improper control of framework service permissions with possibility of some sensitive device information leakage....

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-11664

    A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. T...

    Affected Products : enms
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-11663

    A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launch...

    Affected Products : e-commerce_site
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024
  • 6.7

    MEDIUM
    CVE-2022-33862

    IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems....

    Affected Products : intelligent_power_protector
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 5.1

    MEDIUM
    CVE-2022-33861

    IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data....

    Affected Products : intelligent_power_protector
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 5.2

    MEDIUM
    CVE-2021-23282

    Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subn...

    Affected Products : intelligent_power_manager
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 4.7

    MEDIUM
    CVE-2024-9666

    A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, s...

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-11662

    A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation lead...

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-11661

    A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argume...

    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024
  • 2.7

    LOW
    CVE-2024-10492

    A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource...

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 5.9

    MEDIUM
    CVE-2024-10451

    A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26...

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-10270

    A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity....

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 5.3

    MEDIUM
    CVE-2024-6538

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed ...

    Affected Products : openshift_container_platform
    • Published: Nov. 25, 2024
    • Modified: Jun. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-11660

    A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attac...

    Affected Products : farmacia
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024
  • 7.2

    HIGH
    CVE-2024-11659

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_iperf. The manipulation of the argument iperf leads t...

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025
  • 4.8

    MEDIUM
    CVE-2024-7056

    The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

    Affected Products : wpforms
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
  • 4.8

    MEDIUM
    CVE-2024-6393

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltere...

    Affected Products : nextgen_gallery
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2024-11658

    A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajax_getChannelList. The manipulation of the ar...

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025
  • 7.2

    HIGH
    CVE-2024-11657

    A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to ...

    • Published: Nov. 25, 2024
    • Modified: Feb. 12, 2025