Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-48533

    A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-48531

    A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2024-48530

    An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Dec. 03, 2024

  • 4.9

    MEDIUM
    CVE-2024-52757

    D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 20, 2024
    • Modified: Nov. 22, 2024

  • 4.9

    MEDIUM
    CVE-2024-52754

    D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 20, 2024
    • Modified: Nov. 22, 2024

  • 7.5

    HIGH
    CVE-2024-48985

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of wh... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48983

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of ... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48981

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial pars... Read more

    Affected Products : mbed
    • Published: Nov. 20, 2024
    • Modified: Nov. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-45510

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into sp... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 20, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45511

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim open... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 20, 2024
    • Modified: Jun. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-33439

    An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 27, 2024

  • 8.0

    HIGH
    CVE-2024-52739

    D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.... Read more

    Affected Products : di-8400_firmware di-8400
    • Published: Nov. 20, 2024
    • Modified: May. 09, 2025

  • 9.1

    CRITICAL
    CVE-2024-29292

    Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-11493

    A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be i... Read more

    Affected Products : 115cms
    • Published: Nov. 20, 2024
    • Modified: Nov. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-11492

    A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate... Read more

    Affected Products : 115cms
    • Published: Nov. 20, 2024
    • Modified: Nov. 22, 2024

  • 6.5

    MEDIUM
    CVE-2018-9487

    In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 20, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    MEDIUM
    CVE-2018-9486

    In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for... Read more

    Affected Products : android
    • Published: Nov. 20, 2024
    • Modified: Dec. 19, 2024

  • 6.5

    MEDIUM
    CVE-2018-9485

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed f... Read more

    Affected Products : android
    • Published: Nov. 20, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2018-9484

    In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Nov. 20, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9483

    In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed... Read more

    Affected Products : android
    • Published: Nov. 20, 2024
    • Modified: Dec. 18, 2024
Showing 20 of 291269 Results