Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    CRITICAL
    CVE-2024-54450

    An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that ...

    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024
  • 9.4

    CRITICAL
    CVE-2024-3375

    Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.

    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-25507

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025
  • 9.4

    CRITICAL
    CVE-2024-25514

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025
  • 9.4

    CRITICAL
    CVE-2024-32977

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` optio...

    Affected Products : octoprint
    • Published: May. 14, 2024
    • Modified: Apr. 10, 2025
  • 9.4

    CRITICAL
    CVE-2024-5176

    Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials. This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.

    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-3033

    An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including r...

    Affected Products : anythingllm
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-5128

    An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variati...

    Affected Products : lunary
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-35307

    Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-32814

    Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This securit...

    Affected Products : skytable
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-38492

    This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-7093

    Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in thei...

    Affected Products : dispatch
    • Published: Aug. 01, 2024
    • Modified: Aug. 02, 2024
  • 9.4

    HIGH
    CVE-2021-28506

    An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

    Affected Products : eos
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2023-32188

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

    Affected Products : neuvector
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 9.4

    HIGH
    CVE-2021-35117

    An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-46424

    Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-52052

    Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-35083

    Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon I...

    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-10576

    Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissi...

    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024
  • 9.4

    CRITICAL
    CVE-2022-2102

    Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in ...

    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024