Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CVSS31
    CVE-2024-8888

    An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 10.0

    CVSS31
    CVE-2024-8887

    CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalitie...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 9.9

    CVSS31
    CVE-2024-45798

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml`...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.9

    CVSS30
    CVE-2024-8767

    Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.9

    CVSS31
    CVE-2024-46986

    Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on t...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 9.8

    CVSS31
    CVE-2024-38812

    The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leadin...

    Affected Products : vcenter_server cloud_foundation
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CVSS31
    CVE-2024-34399

    **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer suppor...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 9.8

    CVSS31
    CVE-2024-35515

    Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 9.8

    CVSS31
    CVE-2024-44542

    SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 9.3

    CVSS31
    CVE-2024-43976

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.3

    CVSS31
    CVE-2024-44004

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.3

    CVSS31
    CVE-2024-43978

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.3

    CVSS31
    CVE-2024-8889

    Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP pro...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 9.1

    CVSS31
    CVE-2024-8956

    PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.0

    CVSS31
    CVE-2024-34026

    A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can ...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 8.8

    CVSS31
    CVE-2024-46362

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    CVSS31
    CVE-2024-46085

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    CVSS31
    CVE-2024-45682

    There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    CVSS31
    CVE-2024-38183

    An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link....

    Affected Products : groupme
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    CVSS31
    CVE-2024-43778

    OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
Showing 20 of 348 Results