Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 0.0

    CVSS31
    CVE-2024-48925

    Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that shoul...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-9129

    In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-9287

    A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source v...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-10183

    A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-45526

    An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-48919

    Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an att...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-10229

    Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-10230

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-10231

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-26519

    An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-31029

    An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-40493

    Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_p...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-40494

    Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-42643

    Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-44331

    Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-44812

    SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-46482

    An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-46483

    Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-48415

    itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page....

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
  • 0.0

    NONE
    CVE-2024-48644

    Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts a...

    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024