Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-38656

    Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-38655

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 4.4

    MEDIUM
    CVE-2024-38654

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-38649

    An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 16, 2025

  • 7.5

    HIGH
    CVE-2024-37400

    An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.... Read more

    Affected Products : connect_secure
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 7.8

    HIGH
    CVE-2024-37398

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-37376

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2024-34787

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34784

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34782

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34781

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34780

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32847

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2024-32844

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32841

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32839

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.1

    HIGH
    CVE-2024-29211

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Nov. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-10887

    The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insuffic... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-10854

    The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for... Read more

    Affected Products : buy_one_click_woocommerce
    • Published: Nov. 13, 2024
    • Modified: Jan. 17, 2025

  • 4.3

    MEDIUM
    CVE-2024-10853

    The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated at... Read more

    Affected Products : buy_one_click_woocommerce
    • Published: Nov. 13, 2024
    • Modified: Jan. 17, 2025
Showing 20 of 291717 Results