Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8302

    A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to ... Read more

    Affected Products : dingfanzu dingfanzu
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8385

    A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 03, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8226

    A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. Th... Read more

    Affected Products : o1_firmware o1
    • Published: Aug. 28, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8191

    SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Sep. 10, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-8381

    A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Th... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 03, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8169

    A vulnerability was found in code-projects Online Quiz Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file signupuser.php. The manipulation of the argument lid leads to sql injection. The attack may be... Read more

    Affected Products : online_quiz_site
    • Published: Aug. 26, 2024
    • Modified: Aug. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-8219

    A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to la... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8387

    Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 03, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8213

    A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8234

    ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS command... Read more

    • Published: Aug. 30, 2024
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-8075

    A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOT... Read more

    Affected Products : t8_firmware t8 ac1200_t8
    • Published: Aug. 22, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-8227

    A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhc... Read more

    Affected Products : o1_firmware o1
    • Published: Aug. 28, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8211

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8223

    A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack ca... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8076

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was ... Read more

    Affected Products : t8_firmware t8 ac1200_t8
    • Published: Aug. 22, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-7988

    A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which ... Read more

    Affected Products : thinmanager_thinserver
    • Published: Aug. 26, 2024
    • Modified: Aug. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-7961

    A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.... Read more

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8345

    A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The at... Read more

    Affected Products : music_gallery_site
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-7898

    A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be ... Read more

    Affected Products : online_store_management_system
    • Published: Aug. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7825

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024
Showing 20 of 292860 Results