Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2024-10377

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to...

Affected Products : cdg
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
9.8

CRITICAL

CVE-2024-10376

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument Uni...

Affected Products : cdg
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
7.4

HIGH

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on...

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
7.5

HIGH

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed....

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
7.5

HIGH

CVE-2024-42420

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed....

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
7.5

HIGH

CVE-2024-45829

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed....

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
5.3

MEDIUM

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests....

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
8.1

HIGH

CVE-2024-47005

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs....

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
9.8

CRITICAL

CVE-2024-47406

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability....

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
7.4

HIGH

CVE-2024-47801

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web brows...

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
6.2

MEDIUM

CVE-2024-48870

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of ot...

Affected Products : bp-30c25_firmware bp-30c25t_firmware bp-30c25y_firmware bp-30c25z_firmware bp-30m28_firmware bp-30m28t_firmware bp-30m31_firmware bp-30m31t_firmware bp-30m35_firmware bp-30m35t_firmware +630 more products
Published: Oct. 25, 2024

Modified: Nov. 05, 2024
8.8

HIGH

CVE-2024-51248

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function....

Affected Products : vigor3900_firmware vigor3900
Published: Nov. 01, 2024

Modified: Nov. 05, 2024
8.8

HIGH

CVE-2024-51247

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function....

Affected Products : vigor3900_firmware vigor3900
Published: Nov. 01, 2024

Modified: Nov. 05, 2024
8.8

HIGH

CVE-2024-51245

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function....

Affected Products : vigor3900_firmware vigor3900
Published: Nov. 01, 2024

Modified: Nov. 05, 2024
8.8

HIGH

CVE-2024-51244

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function....

Affected Products : vigor3900_firmware vigor3900
Published: Nov. 01, 2024

Modified: Nov. 05, 2024
5.7

MEDIUM

CVE-2024-51399

Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can ...

Affected Products :
Published: Nov. 01, 2024

Modified: Nov. 05, 2024
6.5

MEDIUM

CVE-2024-51398

Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security....

Affected Products :
Published: Nov. 01, 2024

Modified: Nov. 05, 2024
6.1

MEDIUM

CVE-2024-48057

localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage....

Affected Products :
Published: Nov. 04, 2024

Modified: Nov. 05, 2024
9.8

CRITICAL

CVE-2024-10736

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The atta...

Affected Products : free_exam_hall_seating_management_system
Published: Nov. 03, 2024

Modified: Nov. 05, 2024
9.8

CRITICAL

CVE-2024-10737

A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to laun...

Affected Products : free_exam_hall_seating_management_system
Published: Nov. 03, 2024

Modified: Nov. 05, 2024

Showing 20 of 291205 Results

Latest CVE Feed

9.8

9.8

7.4

7.5

7.5

7.5

5.3

8.1

9.8

7.4

6.2

8.8

8.8

8.8

8.8

5.7

6.5

6.1

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable