Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-52287

    authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025
  • 8.0

    HIGH
    CVE-2024-48288

    TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.... Read more

    Affected Products : tl-ipc42c_firmware tl-ipc42c
    • Published: Nov. 21, 2024
    • Modified: Aug. 15, 2025
  • 8.0

    HIGH
    CVE-2024-48286

    Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.... Read more

    Affected Products : e3000_firmware e3000
    • Published: Nov. 21, 2024
    • Modified: Jun. 30, 2025
  • 9.8

    CRITICAL
    CVE-2024-52803

    LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious ... Read more

    Affected Products : llama-factory
    • Published: Nov. 21, 2024
    • Modified: Aug. 27, 2025
  • 8.2

    HIGH
    CVE-2024-52799

    Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2024-49529

    InDesign Desktop versions 19.0, 20.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this ... Read more

    Affected Products : macos windows indesign
    • Published: Nov. 21, 2024
    • Modified: Dec. 03, 2024
  • 5.4

    MEDIUM
    CVE-2024-45517

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's sessio... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025
  • 4.8

    MEDIUM
    CVE-2024-45513

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025
  • 4.8

    MEDIUM
    CVE-2024-45194

    In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025
  • 5.9

    MEDIUM
    CVE-2024-8526

    A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-8525

    An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file.... Read more

    Affected Products : webctrl
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-45514

    An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025
  • 5.4

    MEDIUM
    CVE-2024-45512

    An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with th... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025
  • 7.5

    HIGH
    CVE-2024-53429

    Open62541 v1.4.6 has an assertion failure in fuzz_binary_decode, which leads to a crash.... Read more

    Affected Products : open62541
    • Published: Nov. 21, 2024
    • Modified: Dec. 03, 2024
  • 6.8

    MEDIUM
    CVE-2024-48747

    An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.... Read more

    Affected Products : alist
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-29224

    An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : gocast
    • Published: Nov. 21, 2024
    • Modified: Dec. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-28892

    An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : gocast
    • Published: Nov. 21, 2024
    • Modified: Dec. 20, 2024
  • 7.2

    HIGH
    CVE-2024-28027

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
  • 7.2

    HIGH
    CVE-2024-28026

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
  • 7.2

    HIGH
    CVE-2024-28025

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 291368 Results