Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8075

    A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOT... Read more

    Affected Products : t8_firmware t8 ac1200_t8
    • Published: Aug. 22, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-8227

    A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhc... Read more

    Affected Products : o1_firmware o1
    • Published: Aug. 28, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8211

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8223

    A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack ca... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8076

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was ... Read more

    Affected Products : t8_firmware t8 ac1200_t8
    • Published: Aug. 22, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-7988

    A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which ... Read more

    Affected Products : thinmanager_thinserver
    • Published: Aug. 26, 2024
    • Modified: Aug. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-7961

    A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.... Read more

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8345

    A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The at... Read more

    Affected Products : music_gallery_site
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-7898

    A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be ... Read more

    Affected Products : online_store_management_system
    • Published: Aug. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7825

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-7794

    A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file mybill.php. The manipulation of the argument id leads to sql injection. The attack may... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7935

    A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file print.php. The manipulation of the argument map_id leads to sql injection. The... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 19, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-7731

    Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : dr.id_access_control
    • Published: Aug. 14, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-7954

    The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.... Read more

    Affected Products : spip
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-7763

    In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.... Read more

    Affected Products : whatsup_gold
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-7636

    A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/... Read more

    Affected Products : simple_ticket_booking
    • Published: Aug. 12, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-7746

    Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected ... Read more

    Affected Products : traccar
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-7839

    A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remote... Read more

    Affected Products : billing_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7937

    A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack ... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7569

    An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.... Read more

    Affected Products : neurons_for_itsm
    • Published: Aug. 13, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 292797 Results