Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-41970

    A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2023-39180

    A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installation... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39179

    A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39176

    A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An at... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 8.9

    HIGH
    CVE-2024-48962

    Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users ... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2024-45791

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-45505

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-41969

    A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-41968

    A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41967

    A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-41151

    Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes th... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-49574

    Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 8.8

    HIGH
    CVE-2024-22067

    ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.... Read more

    Affected Products : nh8091_firmware nh8091
    • Published: Nov. 18, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-11315

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.... Read more

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-11314

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.... Read more

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-11313

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.... Read more

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-11312

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.... Read more

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-11311

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.... Read more

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 3.8

    LOW
    CVE-2024-5030

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025
Showing 20 of 291638 Results