Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-36063

    The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivi... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 4.0

    MEDIUM
    CVE-2024-36062

    The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.andr... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Feb. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-10824

    An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-50599

    A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025

  • 7.7

    HIGH
    CVE-2024-10975

    Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed... Read more

    Affected Products : nomad
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-10007

    A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 6.2

    MEDIUM
    CVE-2019-20472

    An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for a... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 4.6

    MEDIUM
    CVE-2019-20469

    An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by c... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 5.3

    MEDIUM
    CVE-2019-20462

    An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view p... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2019-20461

    An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or usern... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2019-20460

    An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-10969

    A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument u... Read more

    Affected Products : bookstore_management_system
    • Published: Nov. 07, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-10968

    A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to sql in... Read more

    Affected Products : bookstore_management_system
    • Published: Nov. 07, 2024
    • Modified: Dec. 10, 2024

  • 7.1

    HIGH
    CVE-2024-51995

    Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.... Read more

    Affected Products : itop
    • Published: Nov. 07, 2024
    • Modified: Mar. 27, 2025

  • 7.1

    HIGH
    CVE-2024-51994

    Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all u... Read more

    Affected Products : itop
    • Published: Nov. 07, 2024
    • Modified: Apr. 04, 2025

  • 3.4

    LOW
    CVE-2024-51993

    Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable ... Read more

    Affected Products : itop
    • Published: Nov. 07, 2024
    • Modified: Apr. 04, 2025

  • 7.1

    HIGH
    CVE-2024-51989

    Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. Th... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 2.3

    LOW
    CVE-2024-51758

    Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something ... Read more

    Affected Products : filament
    • Published: Nov. 07, 2024
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2024-51428

    An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2024-48290

    An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 293620 Results