Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-8874

    The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes i... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 9.1

    CRITICAL
    CVE-2024-39712

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-39711

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 9.1

    CRITICAL
    CVE-2024-39710

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-39709

    Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 16, 2025

  • 9.1

    CRITICAL
    CVE-2024-38656

    Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-38655

    Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 4.4

    MEDIUM
    CVE-2024-38654

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-38649

    An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 16, 2025

  • 7.5

    HIGH
    CVE-2024-37400

    An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.... Read more

    Affected Products : connect_secure
    • Published: Nov. 13, 2024
    • Modified: Jun. 27, 2025

  • 7.8

    HIGH
    CVE-2024-37398

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-37376

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2024-34787

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34784

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34782

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34781

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34780

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32847

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2024-32844

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-32841

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025
Showing 20 of 293542 Results