Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-50322

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-48073

    sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 7.8

    HIGH
    CVE-2024-37398

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : secure_access_client
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 4.9

    MEDIUM
    CVE-2024-47909

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-47907

    A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 4.9

    MEDIUM
    CVE-2024-47905

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-50318

    A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : avalanche
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-50317

    A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : avalanche
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-50321

    An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : avalanche
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-50320

    An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : avalanche
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-50319

    An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : avalanche
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-11143

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_a... Read more

    Affected Products : kognetiks_chatbot
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-10684

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : kognetiks_chatbot
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-10531

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authen... Read more

    Affected Products : kognetiks_chatbot kognetiks_chatbot
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-10530

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authe... Read more

    Affected Products : kognetiks_chatbot
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-10529

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authen... Read more

    Affected Products : kognetiks_chatbot kognetiks_chatbot
    • Published: Nov. 13, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-50809

    The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-44765

    An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrativ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-21534

    All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were ... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Nov. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-50243

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full Fixed deleating of a non-resident attribute in ntfs_create_inode() rollback.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 17, 2024
Showing 20 of 291395 Results