Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-46040

    IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and fo... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-44233

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-44185

    The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    • Published: Oct. 24, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-41930

    Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Nov. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-39637

    Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 04, 2024

  • 3.7

    LOW
    CVE-2023-36325

    i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 04, 2024

  • 7.8

    HIGH
    CVE-2024-47041

    In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10279

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The ... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10277

    A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10278

    A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 7.2

    HIGH
    CVE-2024-37845

    MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.... Read more

    Affected Products : mango
    • Published: Oct. 25, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-48410

    Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-45504

    Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a mal... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-44234

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-44232

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-40490

    An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 8.4

    HIGH
    CVE-2024-48336

    The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app... Read more

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-48289

    An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 4.7

    MEDIUM
    CVE-2024-44731

    Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10655

    A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiat... Read more

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024
Showing 20 of 291193 Results