Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-41125

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 8.7

    HIGH
    CVE-2023-29001

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this pro... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-9369

    Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-7025

    Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-54004

    Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.... Read more

    Affected Products : filesystem_list_parameter
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-54003

    Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.8

    MEDIUM
    CVE-2024-51228

    An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302R... Read more

    • Published: Nov. 27, 2024
    • Modified: Nov. 29, 2024

  • 4.2

    MEDIUM
    CVE-2024-37816

    Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-31976

    EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-21703

    This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated ... Read more

    • Published: Nov. 27, 2024
    • Modified: Jul. 30, 2025

  • 6.9

    MEDIUM
    CVE-2024-11860

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the ... Read more

    • Published: Nov. 27, 2024
    • Modified: Dec. 04, 2024

  • 7.8

    HIGH
    CVE-2024-53920

    In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsa... Read more

    Affected Products : emacs
    • Published: Nov. 27, 2024
    • Modified: Apr. 30, 2025

  • 8.0

    HIGH
    CVE-2024-52951

    Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Re... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 4.8

    MEDIUM
    CVE-2024-46055

    OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-46054

    OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025

  • 5.1

    MEDIUM
    CVE-2024-11862

    Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 4.8

    MEDIUM
    CVE-2024-53635

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-53604

    A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Mar. 27, 2025

  • 7.3

    HIGH
    CVE-2024-53603

    A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Mar. 27, 2025

  • 2.7

    LOW
    CVE-2024-36464

    When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 291659 Results