Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    CVSS31
    CVE-2022-32144

    There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 3.3

    CVSS31
    CVE-2020-9250

    There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more

    Affected Products : mate_20_pro_firmware
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.7

    CVSS31
    CVE-2024-8968

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-44298

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-44293

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.5

    CVSS31
    CVE-2024-44292

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-44231

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-44211

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-44195

    A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.... Read more

    Affected Products : macos
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-21549

    Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arb... Read more

    Affected Products : browsershot
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.8

    CVSS31
    CVE-2024-12677

    Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.4

    CVSS31
    CVE-2024-11108

    The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.8

    CVSS31
    CVE-2024-10706

    The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : wordpress_download_manager
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 4.8

    CVSS31
    CVE-2024-10555

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.8

    CVSS31
    CVE-2024-7726

    There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 0.0

    NONE
    CVE-2024-56337

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomp... Read more

    Affected Products : tomcat
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.0

    CVSS31
    CVE-2024-12840

    A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 7.5

    CVSS31
    CVE-2024-12014

    Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipula... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 5.3

    CVSS31
    CVE-2024-11297

    The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 0.0

    NONE
    CVE-2024-10385

    Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024
Showing 20 of 176 Results
© cvefeed.io
Latest DB Update: Dec. 21, 2024 13:13