Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-43176

    IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.... Read more

    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-42471

    actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractE... Read more

    • Published: Sep. 02, 2024
    • Modified: Aug. 27, 2025

  • 7.1

    HIGH
    CVE-2024-41974

    A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41973

    A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-41972

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41971

    A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2024-41970

    A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-41968

    A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 8.1

    HIGH
    CVE-2024-41967

    A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-3911

    An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.  ... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2024-3130

    Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app ... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-3088

    A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument u... Read more

    Affected Products : emergency_ambulance_hiring_portal
    • Published: Mar. 30, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-3052

    Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.... Read more

    Affected Products : z\/ip_gateway_sdk
    • Published: Apr. 26, 2024
    • Modified: Aug. 27, 2025

  • 3.3

    LOW
    CVE-2024-39286

    Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-37471

    Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8.... Read more

    Affected Products : woffice
    • Published: Jul. 04, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37006

    A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execut... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37005

    A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of ... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37004

    A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37003

    A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, ... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-37002

    A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.... Read more

    • Published: Jun. 25, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 292846 Results