Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-47414

    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ... Read more

    Affected Products : macos windows animate
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.8

    HIGH
    CVE-2024-47413

    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ... Read more

    Affected Products : macos windows animate
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.8

    HIGH
    CVE-2024-47412

    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ... Read more

    Affected Products : macos windows animate
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.8

    HIGH
    CVE-2024-47411

    Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v... Read more

    Affected Products : macos windows animate
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.8

    HIGH
    CVE-2024-47410

    Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim... Read more

    Affected Products : macos windows animate
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-45145

    Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitatio... Read more

    Affected Products : lightroom
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45150

    Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a m... Read more

    Affected Products : macos windows dimension
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-45146

    Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicio... Read more

    Affected Products : macos windows dimension
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-20787

    Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : substance_3d_painter
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-9451

    The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9449

    The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : auto_iframe
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-39586

    Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : emc_appsync appsync
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 6.2

    MEDIUM
    CVE-2024-39440

    In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 t606 t610 t612 t616 t618 t760 t770 t820
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 6.2

    MEDIUM
    CVE-2024-39439

    In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 t606 t610 t612 t616 t618 t760 t770 t820
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-39438

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-39437

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +17 more products
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-39436

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +17 more products
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.8

    MEDIUM
    CVE-2024-5968

    The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm... Read more

    Affected Products : photo_gallery
    • Published: Oct. 09, 2024
    • Modified: May. 06, 2025

  • 9.1

    CRITICAL
    CVE-2023-46586

    cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.... Read more

    Affected Products : weborf
    • Published: Oct. 09, 2024
    • Modified: Mar. 19, 2025

  • 6.5

    MEDIUM
    CVE-2023-45872

    An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if ... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 12, 2024
Showing 20 of 294860 Results