Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-53091

    In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket pa... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53090

    In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref o... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53089

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hard interrupt context") and commit 9090825fa9974 ("KV... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 3.5

    LOW
    CVE-2024-51337

    Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php.... Read more

    Affected Products : gibbon
    • Published: Nov. 21, 2024
    • Modified: Jul. 17, 2025

  • 7.5

    HIGH
    CVE-2024-53432

    While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY f... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Dec. 04, 2024

  • 7.8

    HIGH
    CVE-2024-53335

    TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Nov. 21, 2024
    • Modified: Apr. 04, 2025

  • 8.8

    HIGH
    CVE-2024-53334

    TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Nov. 21, 2024
    • Modified: Apr. 04, 2025

  • 6.3

    MEDIUM
    CVE-2024-53333

    TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.... Read more

    Affected Products : ex200_firmware ex200
    • Published: Nov. 21, 2024
    • Modified: Apr. 04, 2025

  • 5.1

    MEDIUM
    CVE-2024-52309

    SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certa... Read more

    Affected Products : sftpgo
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2024-52307

    authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRET_KEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prom... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-52289

    authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025

  • 7.2

    HIGH
    CVE-2024-52287

    authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025

  • 8.0

    HIGH
    CVE-2024-48288

    TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.... Read more

    Affected Products : tl-ipc42c_firmware tl-ipc42c
    • Published: Nov. 21, 2024
    • Modified: Aug. 15, 2025

  • 8.0

    HIGH
    CVE-2024-48286

    Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.... Read more

    Affected Products : e3000_firmware e3000
    • Published: Nov. 21, 2024
    • Modified: Jun. 30, 2025

  • 7.5

    HIGH
    CVE-2024-52803

    LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious ... Read more

    Affected Products : llama-factory
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2024-52799

    Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-49529

    InDesign Desktop versions 19.0, 20.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this ... Read more

    Affected Products : macos windows indesign
    • Published: Nov. 21, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-45517

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's sessio... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 4.8

    MEDIUM
    CVE-2024-45513

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 4.8

    MEDIUM
    CVE-2024-45194

    In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025
Showing 20 of 291219 Results