Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-38370

    GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Feb. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-11261

    A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Affected is an unknown function of the file StudentRecordManagementSystem.cpp of the component Number of Students Menu. The manipulation l... Read more

    Affected Products : student_record_management_system
    • Published: Nov. 15, 2024
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-13314

    In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed ... Read more

    Affected Products : android
    • Published: Nov. 15, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2017-13313

    In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges ne... Read more

    Affected Products : android
    • Published: Nov. 15, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2017-13312

    In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution ... Read more

    Affected Products : android
    • Published: Nov. 15, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2017-13311

    In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional ... Read more

    Affected Products : android
    • Published: Nov. 15, 2024
    • Modified: Dec. 18, 2024

  • 7.8

    HIGH
    CVE-2017-13310

    In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execut... Read more

    Affected Products : android
    • Published: Nov. 15, 2024
    • Modified: Dec. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-49592

    Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could... Read more

    Affected Products : total_protection
    • Published: Nov. 15, 2024
    • Modified: Nov. 27, 2024

  • 8.8

    HIGH
    CVE-2024-49060

    Azure Stack HCI Elevation of Privilege Vulnerability... Read more

    • Published: Nov. 15, 2024
    • Modified: Jan. 23, 2025

  • 5.7

    MEDIUM
    CVE-2024-45611

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-45610

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XS... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-44758

    An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 27, 2024

  • 4.9

    MEDIUM
    CVE-2024-11217

    A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 6.2

    MEDIUM
    CVE-2017-13309

    In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • Published: Nov. 15, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-49536

    Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu... Read more

    Affected Products : macos windows audition
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-45609

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vuln... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-44759

    An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Dec. 03, 2024

  • 4.3

    MEDIUM
    CVE-2024-3334

    A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby comprom... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-24459

    An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted p... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-24458

    An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections ... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 291722 Results