Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-38118

    Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.... Read more

    Affected Products : imanager
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2021-38117

    Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.... Read more

    Affected Products : imanager
    • Published: Nov. 22, 2024
    • Modified: Apr. 10, 2025

  • 8.8

    HIGH
    CVE-2021-38116

    Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5... Read more

    Affected Products : imanager
    • Published: Nov. 22, 2024
    • Modified: Apr. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-49054

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Nov. 22, 2024
    • Modified: Jan. 21, 2025

  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-51766

    A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series ... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.9

    MEDIUM
    CVE-2024-41781

    IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An... Read more

    • Published: Nov. 22, 2024
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-41779

    IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remo... Read more

    • Published: Nov. 22, 2024
    • Modified: Aug. 15, 2025

  • 6.7

    MEDIUM
    CVE-2021-30299

    Possible out of bound access in audio module due to lack of validation of user provided input.... Read more

    • Published: Nov. 22, 2024
    • Modified: Nov. 25, 2024

  • 7.8

    HIGH
    CVE-2017-9711

    Certain unprivileged processes are able to perform IOCTL calls.... Read more

    • Published: Nov. 22, 2024
    • Modified: Nov. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-7882

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection.This issue affects e-Commerce: before 22.11.2024.... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 26, 2024

  • 8.2

    HIGH
    CVE-2024-7837

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection.This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but d... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.8

    MEDIUM
    CVE-2024-8929

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of ... Read more

    Affected Products : php
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 6.6

    MEDIUM
    CVE-2024-9422

    The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.... Read more

    • Published: Nov. 22, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-8932

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.... Read more

    Affected Products : php ontap
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-8735

    The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unaut... Read more

    Affected Products : mailmunch
    • Published: Nov. 22, 2024
    • Modified: Feb. 11, 2025

  • 8.1

    HIGH
    CVE-2024-11601

    The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2... Read more

    Affected Products : sky_addons_for_elementor
    • Published: Nov. 22, 2024
    • Modified: Feb. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-11381

    The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 4.3

    MEDIUM
    CVE-2024-11355

    The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for a... Read more

    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-11225

    The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it p... Read more

    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
Showing 20 of 291222 Results