Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-3334

    A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby comprom... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-45969

    NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-24450

    Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-50800

    Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.7

    MEDIUM
    CVE-2024-52515

    Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 4.1

    MEDIUM
    CVE-2024-52514

    Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwa... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 4.6

    MEDIUM
    CVE-2024-52523

    Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an atta... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 6.7

    MEDIUM
    CVE-2021-34752

    A vulnerability in the CLI of Cisco&nbsp;FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.&nbsp; This vu... Read more

    Affected Products : firepower_threat_defense
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 8.1

    HIGH
    CVE-2022-20649

    A vulnerability in Cisco&nbsp;RCM for Cisco&nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges&nbsp;in the context of the configured container. This vulner... Read more

    Affected Products : redundancy_configuration_manager
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2022-20655

    A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affect... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-9849

    The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and inclu... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-9887

    The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of s... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2021-1444

    A vulnerability in the web services interface of Cisco&nbsp;Adaptive Security Appliance (ASA) Software and Cisco&nbsp;Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.9

    MEDIUM
    CVE-2024-11306

    A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. Th... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52399

    Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-11118

    The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 3.4

    LOW
    CVE-2023-0657

    A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside ... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 17, 2024
    • Modified: Nov. 18, 2024

  • 7.3

    HIGH
    CVE-2024-9839

    The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running d... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-10533

    The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers,... Read more

    Affected Products : wp_chat_app
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-52940

    AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.... Read more

    Affected Products : anydesk
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 293688 Results