Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    CVSS31
    CVE-2024-44572

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    CVSS31
    CVE-2024-44571

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    CVSS31
    CVE-2024-44570

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CVSS31
    CVE-2024-44541

    evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 7.3

    CVSS31
    CVE-2024-40652

    In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges n...

    Affected Products : android
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 3.8

    CVSS31
    CVE-2024-8694

    A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 10.0

    CVSS31
    CVE-2024-45409

    The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (...

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    CVSS31
    CVE-2024-44577

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    CVSS31
    CVE-2024-44574

    RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 2.4

    CVSS31
    CVE-2024-8693

    A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XS...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 0.0

    NONE
    CVE-2024-7312

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 5.3

    CVSS31
    CVE-2024-8692

    A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disc...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 0.0

    NONE
    CVE-2024-42760

    SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 8.4

    CVSS31
    CVE-2024-5760

    The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 5.4

    CVSS31
    CVE-2024-44851

    A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CVSS31
    CVE-2024-44466

    COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 0.0

    NONE
    CVE-2024-8691

    A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 0.0

    NONE
    CVE-2024-8690

    A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then t...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 0.0

    NONE
    CVE-2024-8689

    A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles....

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
  • 0.0

    NONE
    CVE-2024-8688

    An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the f...

    Affected Products :
    • Published: Sep. 11, 2024
    • Modified: Sep. 11, 2024
Showing 20 of 345 Results