Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-9958

    Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025

  • 8.8

    HIGH
    CVE-2024-9957

    Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome iphone_os edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 7.8

    HIGH
    CVE-2024-9956

    Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : android chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 20, 2025

  • 8.8

    HIGH
    CVE-2024-9955

    Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-9954

    Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Oct. 22, 2024

  • 8.1

    HIGH
    CVE-2024-9594

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. T... Read more

    Affected Products : image_builder
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-9486

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and... Read more

    Affected Products : image_builder
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-48783

    An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.... Read more

    Affected Products : nbr3000d-e_firmware nbr3000d-e
    • Published: Oct. 15, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-48782

    File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48781

    An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48779

    An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-48714

    In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-48713

    In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-48712

    In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-48710

    In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.... Read more

    Affected Products : tl-wdr7660_firmware tl-wdr7660
    • Published: Oct. 15, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-48411

    itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php.... Read more

    • Published: Oct. 15, 2024
    • Modified: May. 17, 2025

  • 7.5

    HIGH
    CVE-2024-44775

    An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.... Read more

    Affected Products : kmqtt
    • Published: Oct. 15, 2024
    • Modified: Sep. 04, 2025

  • 8.1

    HIGH
    CVE-2024-41311

    In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.... Read more

    Affected Products : debian_linux libheif
    • Published: Oct. 15, 2024
    • Modified: Mar. 24, 2025

  • 4.9

    MEDIUM
    CVE-2024-31955

    An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possess... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-49195

    Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025
Showing 20 of 294837 Results