Latest CVE Feed

The following is a list of the latest published vulnerabilities.
  • 0.0

    NONE
    CVE-2024-41008

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: - vm->task_info is a dynamically allocated ptr no...

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Jul. 16, 2024
  • 0.0

    NONE
    CVE-2023-52290

    In the streampark-console list pages (e.g., application pages), users can sort the page by a field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, ther...

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Jul. 16, 2024
  • 5.3

    CVSS31
    CVE-2024-6559

    The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. This is due to the plugin utilizing sabre without preventing direct access to the ...

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Jul. 16, 2024
  • 6.4

    CVSS31
    CVE-2024-4780

    The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eihe_link’ parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it...

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Jul. 16, 2024
  • 5.3

    CVSS31
    CVE-2024-6557

    The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due to the plu...

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Jul. 16, 2024
  • 0.0

    NONE
    CVE-2024-6780

    Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks....

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Jul. 16, 2024
  • 0.0

    NONE
    CVE-2024-40524

    Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component....

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 0.0

    NONE
    CVE-2024-4143

    A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability....

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 3.7

    CVSS31
    CVE-2024-40632

    Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requ...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 0.0

    NONE
    CVE-2024-4224

    An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 4.3

    CVSS31
    CVE-2024-40630

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected vers...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 5.8

    CVSS31
    CVE-2024-40627

    Fastapi OPA is an open source fastapi middleware which includes auth flow. HTTP `OPTIONS` requests are always allowed by `OpaMiddleware`, even when they lack authentication, and are passed through directly to the application. `OpaMiddleware` allows all HTT...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 9.8

    CVSS31
    CVE-2024-40624

    TorrentPier is an open source BitTorrent Public/Private tracker engine, written in PHP. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use php...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 3.1

    CVSS31
    CVE-2024-39919

    @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the us...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 4.3

    CVSS31
    CVE-2024-39918

    @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. T...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 9.9

    CVSS31
    CVE-2024-39915

    Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF repo...

    Affected Products : thruk
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 5.3

    CVSS31
    CVE-2024-39912

    web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without a...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 4.9

    CVSS31
    CVE-2024-38360

    Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed...

    Affected Products : discourse
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 8.1

    CVSS31
    CVE-2024-40631

    Plate media is an open source, rich-text editor for React. Editors that use `MediaEmbedElement` and pass custom `urlParsers` to the `useMediaState` hook may be vulnerable to XSS if a custom parser allows `javascript:`, `data:` or `vbscript:` URLs to be em...

    Affected Products : plate
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024
  • 0.0

    NONE
    CVE-2024-37386

    An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, ...

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Jul. 15, 2024