Latest CVE Feed

CVE-2024-53255 (5.4 MEDIUM)
BoidCMS is a free and open-source flat-file CMS for building simple websites and blogs, developed in PHP and using JSON as its database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in ...
Affected Products: boidcms
Published: Nov. 25, 2024
Modified: May. 07, 2025

CVE-2024-52811 (8.2 HIGH)
The ngtcp2 project is an effort to implement the IETF QUIC protocol in C. In affected versions ACKs are not validated before being written to the qlog, leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added...
Affected Products: none listed
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-52529 (5.8 MEDIUM)
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a sp...
Affected Products: cilium
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-51723 (4.6 MEDIUM)
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.
Affected Products: athoc
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-32468 (5.4 MEDIUM)
Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which led to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScr...
Affected Products: deno
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-8272 (7.8 HIGH)
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, o...
Affected Products: none listed
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-7915 (7.8 HIGH)
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, mani...
Affected Products: none listed
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-52787 (9.1 CRITICAL)
An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.
Affected Products: librechat
Published: Nov. 25, 2024
Modified: Nov. 27, 2024
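The libre-chat entry above is the classic upload-filename traversal: a server joins a client-controlled filename onto its upload directory and the name carries `../` segments or an absolute path. The Python below is an added example written for this page, not libre-chat's `upload_documents` code; the upload directory `/srv/app/uploads` and every function name in it are assumptions. It shows the vulnerable join next to a hardened version that whitelists the name and then verifies containment after path resolution, and a helper that reports whether a given name would have escaped under the vulnerable join.

```python
import os
import re
from pathlib import Path

# Hypothetical upload root; an assumption for this example, not libre-chat's layout.
UPLOAD_DIR = Path("/srv/app/uploads")

# Whitelist for the final file name: first character must not be a dot
# (blocks ".", "..", and dotfiles), no path separators, no NUL, bounded length.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}$")


def unsafe_target_path(upload_dir: Path, filename: str) -> Path:
    """Vulnerable pattern: the client-supplied filename is joined as-is.
    os.path.join discards upload_dir entirely when filename is absolute,
    and '../' components walk out of it once the path is normalised."""
    return Path(os.path.normpath(os.path.join(str(upload_dir), filename)))


def escapes_upload_dir(upload_dir: Path, filename: str) -> bool:
    """True if the vulnerable join would land outside upload_dir."""
    root = upload_dir.resolve(strict=False)
    target = unsafe_target_path(upload_dir, filename).resolve(strict=False)
    return target != root and root not in target.parents


def safe_target_path(upload_dir: Path, filename: str) -> Path:
    """Hardened pattern: reject anything that is not a plain file name,
    then, as defence in depth, check that the resolved target (symlinks
    followed) is still strictly below the resolved upload root.
    Raising instead of silently 'fixing' the name lets the caller log
    the rejection as a probable attack."""
    if not _SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected upload filename: {filename!r}")
    root = upload_dir.resolve(strict=False)
    target = (root / filename).resolve(strict=False)
    if target == root or root not in target.parents:
        raise ValueError(f"upload path escapes {root}: {filename!r}")
    return target


if __name__ == "__main__":
    # Constructed sample names: one benign, the rest traversal attempts or
    # names the whitelist rejects even though they would stay inside the root.
    for name in ("report.pdf", "../../etc/cron.d/job", "/etc/passwd",
                 "..", ".ssh", "a/b.txt", "a\\b.txt"):
        try:
            print(f"{name!r:24} -> saved as {safe_target_path(UPLOAD_DIR, name)}")
        except ValueError as err:
            print(f"{name!r:24} -> {err} "
                  f"(vulnerable join escapes root: {escapes_upload_dir(UPLOAD_DIR, name)})")
```

Note that the whitelist rejects `.ssh` and `a/b.txt` even though the containment check alone would accept them; the two layers catch different things, and the containment check is what still protects you if a later refactor loosens the regex.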

CVE-2024-45756 (7.2 HIGH)
An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is o...
Affected Products: centreon
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2024-45755 (7.2 HIGH)
An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploi...
Affected Products: centreon
Published: Nov. 25, 2024
Modified: Nov. 26, 2024

CVE-2023-45181 (6.1 MEDIUM)
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a tr...
Affected Products: jazz_foundation
Published: Nov. 25, 2024
Modified: Jan. 14, 2025

CVE-2023-26280 (5.3 MEDIUM)
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
Affected Products: jazz_foundation
Published: Nov. 25, 2024
Modified: Jan. 16, 2025

CVE-2024-11672 (4.3 MEDIUM)
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
Affected Products: remote_desktop_manager
Published: Nov. 25, 2024
Modified: Mar. 28, 2025

CVE-2024-11671 (5.4 MEDIUM)
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
Affected Products: remote_desktop_manager
Published: Nov. 25, 2024
Modified: Mar. 28, 2025

CVE-2024-11670 (5.4 MEDIUM)
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
Affected Products: remote_desktop_manager
Published: Nov. 25, 2024
Modified: Mar. 28, 2025

CVE-2024-27134 (7.0 HIGH)
Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() M...
Affected Products: mlflow
Published: Nov. 25, 2024
Modified: Feb. 03, 2025
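The MLflow entry above describes the general shape of a permissions-based ToCToU: a privileged process creates a scratch directory that other local users can write to, and an attacker plants an entry (typically a symlink) at a name the process will later write to, between the process checking the location and using it. The Python below is an added example for this page, not MLflow's spark_udf code, and it does not reproduce the MLflow bug; the directory names and helper functions are assumptions. It creates a world-writable scratch directory next to a private one from `tempfile.mkdtemp`, simulates the attacker's pre-planted symlink, and shows how `O_CREAT|O_EXCL|O_NOFOLLOW` refuses to write through it.

```python
import os
import shutil
import stat
import tempfile


def make_scratch_insecure(base: str) -> str:
    """Vulnerable pattern: a predictable, world-writable scratch directory.
    Any local user can create or replace entries inside it between the
    privileged process's check and its use (assumed layout, for illustration)."""
    path = os.path.join(base, "shared-scratch")
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)  # excessive: group and world can write and rename
    return path


def make_scratch_secure(base: str) -> str:
    """Hardened pattern: unpredictable name, created 0700 atomically."""
    return tempfile.mkdtemp(prefix="scratch-", dir=base)


def dir_is_private(path: str) -> bool:
    """True only if path is a real directory (lstat: not a symlink), owned by
    the current effective user, with no group/other permission bits."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    return st.st_uid == os.geteuid() and (st.st_mode & 0o077) == 0


def write_private(dirpath: str, name: str, data: bytes) -> str:
    """Create a new 0600 file inside dirpath without following a planted link.
    O_EXCL makes open() fail if anything already exists at that name, a
    symlink included; O_NOFOLLOW additionally refuses a symlink at the final
    component even without O_EXCL."""
    target = os.path.join(dirpath, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def demo() -> dict:
    """Run both patterns in a throwaway base directory and report the outcome."""
    base = tempfile.mkdtemp(prefix="toctou-demo-")
    try:
        weak = make_scratch_insecure(base)
        strong = make_scratch_secure(base)
        result = {
            "weak_mode": stat.S_IMODE(os.stat(weak).st_mode),
            "weak_private": dir_is_private(weak),
            "strong_private": dir_is_private(strong),
        }
        # Attacker who won the race: a symlink sits at the name the privileged
        # code is about to write to. A plain open(path, "wb") would follow it
        # and overwrite the link target with the process's privileges.
        os.symlink("/etc/passwd", os.path.join(weak, "out.txt"))
        try:
            write_private(weak, "out.txt", b"payload")
            result["symlink_followed"] = True
        except OSError:  # EEXIST from O_EXCL (or ELOOP from O_NOFOLLOW)
            result["symlink_followed"] = False
        # Same write into the private directory succeeds and lands as 0600.
        created = write_private(strong, "out.txt", b"payload")
        result["file_mode"] = stat.S_IMODE(os.stat(created).st_mode)
        return result
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The open flags only close the final write; the durable fix is the directory itself: create it 0700 under a location the attacker cannot write to, and verify with `lstat` that it is still a directory you own before trusting anything inside it.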

CVE-2024-11498 (7.5 HIGH)
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256 MB is possible, maybe 512 MB), potentially exhausting the stack. An attacker can craft a file that will ...
Affected Products: libjxl
Published: Nov. 25, 2024
Modified: Jul. 23, 2025

CVE-2024-11403 (9.8 CRITICAL)
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does...
Affected Products: libjxl
Published: Nov. 25, 2024
Modified: Jul. 24, 2025

CVE-2020-12492 (1.0 LOW)
Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.
Affected Products: none listed
Published: Nov. 25, 2024
Modified: Nov. 25, 2024

CVE-2020-12491 (4.8 MEDIUM)
Improper control of framework service permissions could allow some sensitive device information to be leaked.
Affected Products: none listed
Published: Nov. 25, 2024
Modified: Nov. 25, 2024