Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.2

    CVSS31
    CVE-2024-51771

    A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitr... Read more

    Affected Products : clearpass_policy_manager
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 7.1

    CVSS30
    CVE-2024-42455

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 7.1

    CVSS30
    CVE-2024-45205

    An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected ... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 7.1

    CVSS30
    CVE-2024-42449

    From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 7.1

    CVSS31
    CVE-2024-49413

    Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.... Read more

    Affected Products : android
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 7.0

    CVSS31
    CVE-2024-45717

    The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.... Read more

    Affected Products : solarwinds_platform
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 7.0

    CVSS30
    CVE-2024-45207

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.7

    CVSS31
    CVE-2024-52548

    An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.5

    CVSS31
    CVE-2024-41776

    IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.5

    CVSS31
    CVE-2024-49418

    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.5

    CVSS31
    CVE-2024-12196

    Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.5

    CVSS30
    CVE-2024-45206

    A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.5

    CVSS31
    CVE-2024-52545

    An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.5

    CVSS31
    CVE-2024-11732

    The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati... Read more

    Affected Products : bp_profile_shortcodes_extra
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.5

    CVSS31
    CVE-2024-53614

    A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges.... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.5

    CVSS31
    CVE-2024-12147

    A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument C... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.4

    CVSS31
    CVE-2024-9058

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insuf... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.4

    CVSS31
    CVE-2024-11782

    The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attribu... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024
  • 6.4

    CVSS31
    CVE-2024-11854

    The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitizatio... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 6.4

    CVSS31
    CVE-2024-10885

    The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user su... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
Showing 20 of 213 Results
© cvefeed.io
Latest DB Update: Dec. 05, 2024 3:45