Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52433

    Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2.... Read more

    Affected Products : my_geo_posts_free
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52432

    Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through 0.0.4.... Read more

    Affected Products : nix_anti-spam_light
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52431

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Import... Read more

    Affected Products : wordpress_video_robot
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52430

    Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through 0.2.1.... Read more

    Affected Products : video_gallery
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-52429

    Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.... Read more

    Affected Products : wp_quick_setup
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52428

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12.... Read more

    Affected Products : ads_booster_by_ads_pro
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-52427

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11.... Read more

    Affected Products : event_tickets_with_ticket_scanner
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 8.2

    HIGH
    CVE-2024-37155

    OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitesp... Read more

    Affected Products : opencti
    • Published: Nov. 18, 2024
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2024-28058

    In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.1

    MEDIUM
    CVE-2024-11304

    Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, INU-100 versio... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2024-9526

    There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered... Read more

    Affected Products : pipelines
    • Published: Nov. 18, 2024
    • Modified: Jul. 23, 2025

  • 8.7

    HIGH
    CVE-2024-8781

    Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-11318

    An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session ident... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 8.7

    HIGH
    CVE-2024-11303

    The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-52318

    Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2024-3370

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-52317

    Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 ... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-52316

    Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly settin... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: Aug. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-48901

    A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.... Read more

    Affected Products : moodle
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-48898

    A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.... Read more

    Affected Products : moodle
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
Showing 20 of 291756 Results