Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-52947

    A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session...

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024
  • 8.8

    HIGH
    CVE-2024-52946

    An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an a...

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2024-52945

    An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user t...

    Affected Products : netbackup
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2024-52944

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could r...

    Affected Products : enterprise_vault
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2024-52943

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This c...

    Affected Products : enterprise_vault
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2024-52942

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This c...

    Affected Products : enterprise_vault
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2024-52941

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This c...

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024
  • 7.5

    HIGH
    CVE-2024-11310

    The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 7.5

    HIGH
    CVE-2024-11309

    The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 6.2

    MEDIUM
    CVE-2024-11308

    The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

    Affected Products : dvc
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
  • 7.5

    HIGH
    CVE-2024-52940

    AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.

    Affected Products : anydesk
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024
  • 8.4

    HIGH
    CVE-2024-43704

    Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.

    Affected Products : ddk
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024
  • 7.3

    HIGH
    CVE-2024-52926

    Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Dec. 24, 2024
  • 6.5

    MEDIUM
    CVE-2024-52922

    In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2024-52921

    In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2024-52920

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-52919

    Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 6.5

    MEDIUM
    CVE-2024-52918

    Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024
  • 6.5

    MEDIUM
    CVE-2024-52917

    Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2024-52916

    Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291638 Results