Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-48428

    An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function.... Read more

    Affected Products : olivevle
    • Published: Oct. 25, 2024
    • Modified: Mar. 19, 2025

  • 9.1

    CRITICAL
    CVE-2024-49753

    Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests t... Read more

    Affected Products : zitadel
    • Published: Oct. 25, 2024
    • Modified: Aug. 26, 2025

  • 7.7

    HIGH
    CVE-2024-49381

    Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to informati... Read more

    Affected Products : plenti
    • Published: Oct. 25, 2024
    • Modified: Nov. 14, 2024

  • 8.9

    HIGH
    CVE-2024-49380

    Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote ... Read more

    Affected Products : plenti
    • Published: Oct. 25, 2024
    • Modified: May. 06, 2025

  • 7.0

    HIGH
    CVE-2024-9991

    This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the ... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 6.1

    MEDIUM
    CVE-2024-49378

    smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 8.8

    HIGH
    CVE-2024-49376

    Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privile... Read more

    Affected Products : autolab
    • Published: Oct. 25, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-10381

    This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request ... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 14, 2024

  • 7.5

    HIGH
    CVE-2024-10380

    A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_servic... Read more

    Affected Products : petrol_pump_management
    • Published: Oct. 25, 2024
    • Modified: Nov. 01, 2024

  • 7.5

    HIGH
    CVE-2024-10379

    A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFil... Read more

    Affected Products : cdg
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10378

    A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql... Read more

    Affected Products : cdg
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 6.4

    MEDIUM
    CVE-2024-10374

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user s... Read more

    Affected Products : wp-members
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 5.5

    MEDIUM
    CVE-2024-47483

    Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerabili... Read more

    Affected Products : data_lakehouse
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-47481

    Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.... Read more

    Affected Products : data_lakehouse
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 7.8

    HIGH
    CVE-2024-47041

    In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Nov. 04, 2024

  • 7.8

    HIGH
    CVE-2024-47035

    In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024

  • 5.5

    MEDIUM
    CVE-2024-47034

    there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.8

    HIGH
    CVE-2024-47033

    In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 7.4

    HIGH
    CVE-2024-47031

    Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Jul. 24, 2025

  • 5.1

    MEDIUM
    CVE-2024-47030

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Jul. 24, 2025
Showing 20 of 294723 Results