Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-10020

    The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possi... Read more

    Affected Products : social_login
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9934

    The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : wp_image_zoom wp-imagezoom
    • Published: Nov. 06, 2024
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-7879

    The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : wp_ulike
    • Published: Nov. 06, 2024
    • Modified: Apr. 11, 2025

  • 6.7

    MEDIUM
    CVE-2024-49409

    Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.... Read more

    Affected Products : galaxy_s24_firmware galaxy_s24
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 6.7

    MEDIUM
    CVE-2024-49408

    Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.... Read more

    Affected Products : galaxy_s24_firmware galaxy_s24
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 4.6

    MEDIUM
    CVE-2024-49407

    Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.... Read more

    Affected Products : flow
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 6.7

    MEDIUM
    CVE-2024-49406

    Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.... Read more

    Affected Products : blockchain_keystore
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-49405

    Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.... Read more

    Affected Products : pass
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-49404

    Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.... Read more

    Affected Products : android video_player
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 4.6

    MEDIUM
    CVE-2024-49403

    Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.... Read more

    Affected Products : voice_recorder
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 4.6

    MEDIUM
    CVE-2024-49402

    Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-49401

    Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 2.4

    LOW
    CVE-2024-34682

    Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 13, 2024

  • 6.6

    MEDIUM
    CVE-2024-34681

    Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.... Read more

    Affected Products : android
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024

  • 5.5

    MEDIUM
    CVE-2024-34680

    Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-34679

    Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 7.8

    HIGH
    CVE-2024-34678

    Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 4.0

    MEDIUM
    CVE-2024-34677

    Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 7.3

    HIGH
    CVE-2024-34676

    Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024

  • 4.6

    MEDIUM
    CVE-2024-34675

    Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.... Read more

    Affected Products : android android
    • Published: Nov. 06, 2024
    • Modified: Nov. 12, 2024
Showing 20 of 293648 Results