Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-46892

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an auth... Read more

    Affected Products : sinec_ins
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.4

    CRITICAL
    CVE-2024-46890

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privilege... Read more

    Affected Products : sinec_ins
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.9

    MEDIUM
    CVE-2024-46889

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key materia... Read more

    Affected Products : sinec_ins
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.9

    CRITICAL
    CVE-2024-46888

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipu... Read more

    Affected Products : sinec_ins
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 10.0

    CRITICAL
    CVE-2024-44102

    A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with... Read more

    Affected Products : telecontrol_server_basic
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.0

    HIGH
    CVE-2024-11061

    A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overfl... Read more

    Affected Products : ac10_firmware ac10
    • Published: Nov. 11, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-11058

    A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads ... Read more

    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7434

    The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to in... Read more

    Affected Products : ultrapress
    • Published: Oct. 01, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7433

    The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to i... Read more

    Affected Products : empowerment
    • Published: Oct. 01, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7432

    The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to i... Read more

    Affected Products : unseen_blog
    • Published: Oct. 01, 2024
    • Modified: Nov. 13, 2024

  • 6.3

    MEDIUM
    CVE-2024-9513

    A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handl... Read more

    Affected Products : netadmin_iam
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024

  • 8.1

    HIGH
    CVE-2024-47183

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new u... Read more

    Affected Products : parse-server parse_server
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-11046

    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-11047

    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer ... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-11048

    A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be la... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-51580

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.1.... Read more

    Affected Products : clever_addons_for_elementor
    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-51581

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5... Read more

    • Published: Nov. 10, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-49774

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax con... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-24409

    Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 7.5

    HIGH
    CVE-2024-51179

    An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establis... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 291265 Results