Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-11672

    Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.... Read more

    Affected Products : remote_desktop_manager
    • Published: Nov. 25, 2024
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-11671

    Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.... Read more

    Affected Products : remote_desktop_manager
    • Published: Nov. 25, 2024
    • Modified: Mar. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-11670

    Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.... Read more

    Affected Products : remote_desktop_manager
    • Published: Nov. 25, 2024
    • Modified: Mar. 28, 2025

  • 7.0

    HIGH
    CVE-2024-27134

    Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() M... Read more

    Affected Products : mlflow
    • Published: Nov. 25, 2024
    • Modified: Feb. 03, 2025

  • 7.5

    HIGH
    CVE-2024-11498

    There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will ... Read more

    Affected Products : libjxl
    • Published: Nov. 25, 2024
    • Modified: Jul. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-11403

    There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does... Read more

    Affected Products : libjxl
    • Published: Nov. 25, 2024
    • Modified: Jul. 24, 2025

  • 1.0

    LOW
    CVE-2020-12492

    Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 4.8

    MEDIUM
    CVE-2020-12491

    Improper control of framework service permissions with possibility of some sensitive device information leakage.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-11664

    A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. T... Read more

    Affected Products : enms
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-11663

    A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launch... Read more

    Affected Products : e-commerce_site
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024

  • 6.7

    MEDIUM
    CVE-2022-33862

    IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.... Read more

    Affected Products : intelligent_power_protector
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.1

    MEDIUM
    CVE-2022-33861

    IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data.... Read more

    Affected Products : intelligent_power_protector
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.2

    MEDIUM
    CVE-2021-23282

    Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subn... Read more

    Affected Products : intelligent_power_manager
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 4.7

    MEDIUM
    CVE-2024-9666

    A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, s... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-11662

    A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation lead... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-11661

    A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argume... Read more

    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024

  • 2.7

    LOW
    CVE-2024-10492

    A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.9

    MEDIUM
    CVE-2024-10451

    A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-10270

    A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-6538

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed ... Read more

    Affected Products : openshift_container_platform
    • Published: Nov. 25, 2024
    • Modified: Jun. 13, 2025
Showing 20 of 291401 Results