Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    CVSS31
    CVE-2024-9201

    The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024
  • 9.8

    CVSS31
    CVE-2024-45115

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or ele...

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024
  • 9.0

    CVSS31
    CVE-2024-9798

    The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024
  • 9.8

    CVSS31
    CVE-2024-9518

    The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated at...

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024
  • 9.1

    CVSS31
    CVE-2024-45160

    Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 09, 2024
  • 9.8

    CVSS31
    CVE-2024-9680

    An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR <...

    Affected Products : firefox firefox_esr
    • Published: Oct. 09, 2024
    • Modified: Oct. 09, 2024
  • 9.1

    CVSS31
    CVE-2024-8015

    In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

    Affected Products : telerik_reporting
    • Published: Oct. 09, 2024
    • Modified: Oct. 09, 2024
  • 9.1

    CVSS31
    CVE-2023-46586

    cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 09, 2024
  • 9.8

    CVSS31
    CVE-2024-44349

    A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 08, 2024
  • 9.8

    CVSS31
    CVE-2024-43468

    Microsoft Configuration Manager Remote Code Execution Vulnerability

    Affected Products : configuration_manager
    • Published: Oct. 08, 2024
    • Modified: Oct. 08, 2024
  • 9.0

    CVSS31
    • Published: Oct. 08, 2024
    • Modified: Oct. 08, 2024
  • 9.8

    CVSS31
    CVE-2024-3057

    A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 08, 2024