Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-10943

    An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information requ... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-47535

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded ... Read more

    Affected Products : netty
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.0

    MEDIUM
    CVE-2024-51750

    Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-49369

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an ... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 7.3

    HIGH
    CVE-2024-10945

    A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installa... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-9999

    In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 4.8

    MEDIUM
    CVE-2024-51720

    An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone nu... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-52296

    libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-52297

    Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2.... Read more

    Affected Products : tolgee
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 8.4

    HIGH
    CVE-2024-10944

    A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-30133

    HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 3.5

    LOW
    CVE-2024-51749

    Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a fi... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 7.5

    HIGH
    CVE-2024-8933

    CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controller... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 6.1

    MEDIUM
    CVE-2024-8874

    The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes i... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 9.1

    CRITICAL
    CVE-2022-45157

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI a... Read more

    Affected Products : rancher
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 8.3

    HIGH
    CVE-2024-8936

    CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 7.3

    HIGH
    CVE-2024-51721

    A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root p... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.0

    MEDIUM
    CVE-2024-2207

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulner... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.1

    MEDIUM
    CVE-2024-10038

    The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 8.8

    HIGH
    CVE-2024-10629

    The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticate... Read more

    Affected Products : wp_gpx_maps gpx_viewer
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 291641 Results