Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-38139

    Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : dataverse
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-45085

    IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of servi... Read more

    Affected Products : websphere_application_server
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-10004

    Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.... Read more

    Affected Products : firefox
    • Published: Oct. 15, 2024
    • Modified: Apr. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-9966

    Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025

  • 8.8

    HIGH
    CVE-2024-9965

    Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Lo... Read more

    Affected Products : chrome windows edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 4.3

    MEDIUM
    CVE-2024-9964

    Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2024-9963

    Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2024-9962

    Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025

  • 8.8

    HIGH
    CVE-2024-9961

    Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: M... Read more

    Affected Products : chrome iphone_os edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-9960

    Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-9959

    Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-9958

    Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 25, 2025

  • 8.8

    HIGH
    CVE-2024-9957

    Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome iphone_os edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 7.8

    HIGH
    CVE-2024-9956

    Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : android chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Mar. 20, 2025

  • 8.8

    HIGH
    CVE-2024-9955

    Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-9954

    Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 15, 2024
    • Modified: Oct. 22, 2024

  • 8.1

    HIGH
    CVE-2024-9594

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. T... Read more

    Affected Products : image_builder
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-9486

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and... Read more

    Affected Products : image_builder
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-48783

    An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.... Read more

    Affected Products : nbr3000d-e_firmware nbr3000d-e
    • Published: Oct. 15, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-48782

    File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294848 Results