Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CVSS31
    CVE-2024-48904

    A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 5.4

    CVSS31
    CVE-2024-48708

    Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 5.4

    CVSS31
    CVE-2024-48707

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 5.4

    CVSS31
    CVE-2024-48706

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 7.5

    CVSS31
    CVE-2024-48570

    Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 8.4

    CVSS31
    CVE-2024-46902

    A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute high-privileged cod...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 9.3

    CVSS31
    CVE-2024-46538

    A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 8.4

    CVSS31
    CVE-2022-23862

    A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" ...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 6.1

    CVSS31
    CVE-2022-23861

    Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution ...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 7.8

    CVSS31
    CVE-2024-48903

    An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 6.5

    CVSS31
    CVE-2024-46903

    A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 8.4

    CVSS31
    CVE-2024-45335

    Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 7.8

    CVSS31
    CVE-2024-45334

    Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 7.8

    CVSS31
    CVE-2024-41183

    Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 7.5

    CVSS31
    CVE-2024-39753

    A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 5.3

    CVSS31
    CVE-2024-50312

    A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack su...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 9.8

    CVSS31
    CVE-2024-48659

    An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component....

    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024
  • 7.8

    CVSS31
    CVE-2024-48605

    An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 8.2

    CVSS31
    CVE-2024-47912

    A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A suc...

    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024
  • 9.4

    CVSS31
    CVE-2024-47223

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successf...

    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024