Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2024-10526

    Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselve... Read more

    Affected Products : velociraptor
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-50588

    An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among ... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 8.7

    HIGH
    CVE-2024-8810

    A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vu... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 8.1

    HIGH
    CVE-2024-46961

    The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component.... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 6.2

    MEDIUM
    CVE-2019-20472

    An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for a... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 8.4

    HIGH
    CVE-2019-20459

    An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 9.1

    CRITICAL
    CVE-2019-20457

    An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The v... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.8

    HIGH
    CVE-2024-50593

    An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software.... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 7.0

    HIGH
    CVE-2024-50592

    An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair funct... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 0.0

    NA
    CVE-2024-50199

    In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 7.0

    HIGH
    CVE-2024-10203

    Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.... Read more

    Affected Products : manageengine_endpoint_central
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2020-11926

    An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript f... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-50589

    An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2020-8007

    The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip.... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-51434

    Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 6.2

    MEDIUM
    CVE-2024-36064

    The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dia... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 8.7

    HIGH
    CVE-2024-10007

    A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 4.6

    MEDIUM
    CVE-2019-20469

    An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by c... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2019-20461

    An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or usern... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 7.1

    HIGH
    CVE-2024-51989

    Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. Th... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 291293 Results