Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-9402

    In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel.... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2018-9400

    In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege ... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2018-9399

    In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2018-9398

    In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 7.8

    HIGH
    CVE-2018-9397

    In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 8.7

    HIGH
    CVE-2024-53982

    ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user... Read more

    Affected Products : zoo
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-12183

    A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is po... Read more

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-12182

    A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack... Read more

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-12181

    A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to c... Read more

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-12180

    A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remo... Read more

    Affected Products : dedecms
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 7.8

    HIGH
    CVE-2018-9396

    In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User int... Read more

    Affected Products : android
    • Published: Dec. 04, 2024
    • Modified: Dec. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-54675

    app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 6.1

    MEDIUM
    CVE-2024-54674

    app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 5.3

    MEDIUM
    CVE-2024-51210

    Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional b... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 05, 2024

  • 7.5

    HIGH
    CVE-2024-50947

    An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : kmqtt
    • Published: Dec. 04, 2024
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2024-39219

    An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 11, 2024

  • 3.7

    LOW
    CVE-2024-38829

    A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. Th... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-48453

    An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-12196

    Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025

  • 5.0

    MEDIUM
    CVE-2024-12151

    Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.... Read more

    Affected Products : devolutions_server
    • Published: Dec. 04, 2024
    • Modified: Mar. 28, 2025
Showing 20 of 292727 Results