Latest CVE Feed
-
8.8
HIGH CVE-2024-47361
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Addon Elements: from n/a through 1.13.6.
Affected Products : elementor_addon_elements
- Published: Nov. 01, 2024
- Modified: Nov. 12, 2024
-
7.5
HIGH CVE-2024-45397
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect...
Affected Products : h2o
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
7.5
HIGH CVE-2024-45396
Quicly is an IETF QUIC protocol implementation. Quicly up to commit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the process using quicly. The vulnerability is add...
Affected Products : quicly
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
4.3
MEDIUM CVE-2024-25622
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes ...
Affected Products : h2o
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICAL CVE-2024-45402
Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free ...
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
7.5
HIGH CVE-2024-45403
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount ...
Affected Products : h2o
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
9.3
CRITICAL CVE-2024-47830
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. ...
Affected Products : plane
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICAL CVE-2024-47074
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/pr...
Affected Products : dataease
- Published: Oct. 11, 2024
- Modified: Nov. 12, 2024
-
7.5
HIGH CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients.
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
7.5
HIGH CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
7.8
HIGH CVE-2024-9576
Vulnerability in Distro Linux Workbooth v2.5 that allows escalation of privileges to the root user by manipulating the network configuration script.
Affected Products : workbooth
- Published: Oct. 07, 2024
- Modified: Nov. 12, 2024
-
8.2
HIGH CVE-2024-6400
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
Affected Products : finrota
- Published: Oct. 04, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUM CVE-2024-6443
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
Affected Products : zephyr
- Published: Oct. 04, 2024
- Modified: Nov. 12, 2024
-
6.1
MEDIUM CVE-2024-51213
Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component.
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
5.4
MEDIUM CVE-2024-51026
The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
0.0
NA CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: ...
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
4.4
MEDIUM CVE-2024-45770
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain con...
- Published: Sep. 19, 2024
- Modified: Nov. 12, 2024
-
5.5
MEDIUM CVE-2024-45769
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
- Published: Sep. 19, 2024
- Modified: Nov. 12, 2024
-
9.8
CRITICAL CVE-2024-51135
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
8.1
HIGH CVE-2024-48322
UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.
Affected Products :
- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024