Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-10012

    In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.... Read more

    Affected Products : ui_for_wpf
    • Published: Nov. 13, 2024
    • Modified: Jan. 07, 2025

  • 6.1

    MEDIUM
    CVE-2024-9477

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted... Read more

    Affected Products : air4443_firmware air4443
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-50854

    Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.... Read more

    Affected Products : g3_firmware g3_firmware g3
    • Published: Nov. 13, 2024
    • Modified: Mar. 14, 2025

  • 8.8

    HIGH
    CVE-2024-50853

    Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.... Read more

    Affected Products : g3_firmware g3
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2024-50852

    Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.... Read more

    Affected Products : g3_firmware g3
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2024-49506

    Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem... Read more

    Affected Products : mirrorcache
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-49505

    A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the  REGEX and P parameters. This issue affects MirrorCache b... Read more

    Affected Products : mirrorcache
    • Published: Nov. 13, 2024
    • Modified: Nov. 14, 2024

  • 7.0

    HIGH
    CVE-2024-49504

    grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-48900

    A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.... Read more

    Affected Products : moodle
    • Published: Nov. 13, 2024
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-48510

    Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the m... Read more

    Affected Products : dotnetzip.semverd prodotnetzip
    • Published: Nov. 13, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-11165

    An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS to... Read more

    Affected Products : yugabytedb
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2024-48989

    A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-11159

    Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.... Read more

    Affected Products : thunderbird
    • Published: Nov. 13, 2024
    • Modified: Dec. 06, 2024

  • 9.1

    CRITICAL
    CVE-2022-45157

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI a... Read more

    Affected Products : rancher
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 7.8

    HIGH
    CVE-2024-47574

    A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with hig... Read more

    Affected Products : forticlient
    • Published: Nov. 13, 2024
    • Modified: Jan. 21, 2025

  • 7.5

    HIGH
    CVE-2024-4741

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 6.9

    MEDIUM
    CVE-2024-8001

    A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the... Read more

    Affected Products : learning_management_system
    • Published: Nov. 13, 2024
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-11028

    The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current use... Read more

    Affected Products : multimanager_wp
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-9682

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : royal_elementor_addons
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-9668

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : royal_elementor_addons
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291712 Results