Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2017-13321

    In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution priv... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2017-13320

    In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2017-13319

    In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. Use... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2017-13316

    In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 1.9

    LOW
    CVE-2024-53855

    Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can ... Read more

    Affected Products : centurion_erp
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 5.1

    MEDIUM
    CVE-2024-53264

    bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loadi... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 7.5

    HIGH
    CVE-2024-47181

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementation... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-41126

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-41125

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 8.7

    HIGH
    CVE-2023-29001

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this pro... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-9369

    Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-7025

    Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-54004

    Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.... Read more

    Affected Products : filesystem_list_parameter
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-54003

    Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.8

    MEDIUM
    CVE-2024-51228

    An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302R... Read more

    • Published: Nov. 27, 2024
    • Modified: Nov. 29, 2024

  • 4.2

    MEDIUM
    CVE-2024-37816

    Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-31976

    EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-21703

    This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated ... Read more

    • Published: Nov. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.9

    MEDIUM
    CVE-2024-11860

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the ... Read more

    • Published: Nov. 27, 2024
    • Modified: Dec. 04, 2024

  • 7.8

    HIGH
    CVE-2024-53920

    In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsa... Read more

    Affected Products : emacs
    • Published: Nov. 27, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291647 Results