Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-52726

    CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information... Read more

    Affected Products : crmeb
    • Published: Nov. 22, 2024
    • Modified: Jul. 07, 2025

  • 7.5

    HIGH
    CVE-2024-11618

    A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The ... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.8

    MEDIUM
    CVE-2024-50657

    An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-37783

    A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx.... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-37782

    An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.... Read more

    Affected Products : centrestack
    • Published: Nov. 22, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-53438

    EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing ... Read more

    Affected Products : churchcrm
    • Published: Nov. 22, 2024
    • Modified: Mar. 28, 2025

  • 7.5

    HIGH
    CVE-2024-44786

    Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Mar. 13, 2025

  • 8.1

    HIGH
    CVE-2024-10220

    The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.... Read more

    Affected Products : kubernetes
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.8

    LOW
    CVE-2024-52814

    Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role`) lacks granularity in its privileges, giving permissions to `workflowtasksets` and `workflowartifactgctasks` to all wo... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 7.5

    HIGH
    CVE-2024-52804

    Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted... Read more

    Affected Products : tornado
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 7.5

    HIGH
    CVE-2024-52802

    RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processin... Read more

    Affected Products : riot
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-52793

    The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the s... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-52723

    In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Nov. 22, 2024
    • Modified: Mar. 13, 2025

  • 6.7

    MEDIUM
    CVE-2024-51074

    Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is ... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Jan. 13, 2025

  • 6.7

    MEDIUM
    CVE-2024-51073

    An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is disputed by the Supplier because the findings came from a ... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Jan. 13, 2025

  • 5.3

    MEDIUM
    CVE-2024-51072

    An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealisti... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Jan. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-50965

    Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.1

    LOW
    CVE-2024-50401

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modif... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.1

    LOW
    CVE-2024-50400

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modif... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.1

    LOW
    CVE-2024-50399

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modif... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
Showing 20 of 291275 Results