Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    CVSS31
    CVE-2024-43969

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.6

    CVSS31
    CVE-2021-27915

    Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated acces... Read more

    Affected Products : mautic
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-39589

    Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2023-28455

    An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-39590

    Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-6878

    Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-8768

    A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-36980

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2023-49203

    Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2023-28457

    An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-8287

    Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before th... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-46982

    Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this c... Read more

    Affected Products : next.js
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-45601

    Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability w... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-36981

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2024-38813

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    CVSS31
    CVE-2024-8110

    Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may resta... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.5

    CVSS31
    CVE-2023-28456

    An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.5

    CVSS31
    CVE-2023-28451

    An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit wo... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024

  • 7.3

    CVSS31
    CVE-2024-8948

    A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exp... Read more

    Affected Products : micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024

  • 7.3

    CVSS31
    CVE-2024-8946

    A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible... Read more

    Affected Products : micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
Showing 20 of 348 Results