Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-31408

    OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.9

    MEDIUM
    CVE-2024-52056

    Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file.... Read more

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2024-52055

    Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file.... Read more

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 5.1

    MEDIUM
    CVE-2024-52054

    Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system.... Read more

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-52053

    Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.... Read more

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-52052

    Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.... Read more

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2024-52616

    A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction ID... Read more

    Affected Products : enterprise_linux avahi
    • Published: Nov. 21, 2024
    • Modified: May. 14, 2025

  • 5.3

    MEDIUM
    CVE-2024-52615

    A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.... Read more

    Affected Products : avahi
    • Published: Nov. 21, 2024
    • Modified: Jul. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-51367

    An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-51366

    An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Dec. 04, 2024

  • 8.8

    HIGH
    CVE-2024-51364

    An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 27, 2024

  • 6.8

    MEDIUM
    CVE-2024-49588

    Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2024-53095

    In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, a... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Mar. 24, 2025

  • 5.5

    MEDIUM
    CVE-2024-53094

    In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warning from skb_splice_from_iter() indicating that a slab ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53093

    In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait un... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53092

    In the Linux kernel, the following vulnerability has been resolved: virtio_pci: Fix admin vq cleanup by using correct info pointer vp_modern_avq_cleanup() and vp_del_vqs() clean up admin vq resources by virtio_pci_vq_info pointer. The info pointer of ad... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53091

    In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket pa... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53090

    In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref o... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 5.5

    MEDIUM
    CVE-2024-53089

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hard interrupt context") and commit 9090825fa9974 ("KV... Read more

    Affected Products : linux_kernel
    • Published: Nov. 21, 2024
    • Modified: Dec. 24, 2024

  • 3.5

    LOW
    CVE-2024-51337

    Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php.... Read more

    Affected Products : gibbon
    • Published: Nov. 21, 2024
    • Modified: Jul. 17, 2025
Showing 20 of 291275 Results