Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-41217

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-41209

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-41206

    A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-40579

    Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-21949

    Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.... Read more

    Affected Products : ryzen_ai_software
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-21974

    Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.... Read more

    Affected Products : ryzen_ai_software
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-21975

    Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.... Read more

    Affected Products : ryzen_ai_software
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-49778

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-49777

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-49776

    A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11065

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11064

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11063

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11062

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47178

    basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.... Read more

    Affected Products : basic-auth-connect
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-47530

    Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sa... Read more

    Affected Products : scout
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 4.6

    MEDIUM
    CVE-2024-47531

    Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data ... Read more

    Affected Products : scout
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47532

    RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in versi... Read more

    Affected Products : restrictedpython
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 5.1

    MEDIUM
    CVE-2024-11130

    A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be lau... Read more

    Affected Products : zzcms
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52355

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS.This issue affects OSM – OpenStreetMap: from n/a through 6.1.2.... Read more

    Affected Products : openstreetmap
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024
Showing 20 of 291398 Results