Latest CVE Feed
- 7.3 HIGH CVE-2024-48459
  A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a m...
  - Affected Products:
  - Published: Oct. 25, 2024
  - Modified: Oct. 29, 2024
- 9.6 CRITICAL CVE-2024-40867
  A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox....
  - Published: Oct. 28, 2024
  - Modified: Oct. 29, 2024
- 6.4 MEDIUM CVE-2023-32189
  Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys...
  - Affected Products:
  - Published: Oct. 16, 2024
  - Modified: Oct. 29, 2024
- 9.8 CRITICAL CVE-2024-10413
  A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestric...
  - Published: Oct. 27, 2024
  - Modified: Oct. 29, 2024
- 7.2 HIGH CVE-2024-10411
  A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php....
  - Published: Oct. 27, 2024
  - Modified: Oct. 29, 2024
- 8.8 HIGH CVE-2024-10415
  A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack ca...
  - Published: Oct. 27, 2024
  - Modified: Oct. 29, 2024
- 8.8 HIGH CVE-2024-10416
  A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may ...
  - Published: Oct. 27, 2024
  - Modified: Oct. 29, 2024
- 8.8 HIGH CVE-2024-10417
  A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to l...
  - Published: Oct. 27, 2024
  - Modified: Oct. 29, 2024
- 4.9 MEDIUM CVE-2024-48234
  An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (...
  - Affected Products:
  - Published: Oct. 25, 2024
  - Modified: Oct. 29, 2024
- 3.3 LOW CVE-2023-25189
  BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care...
  - Affected Products:
  - Published: Sep. 25, 2024
  - Modified: Oct. 29, 2024
- 3.3 LOW CVE-2023-20513
  An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service....
  - Affected Products:
  - Published: Aug. 13, 2024
  - Modified: Oct. 29, 2024
- 5.5 MEDIUM CVE-2024-49999
  In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver it...
  - Affected Products: linux_kernel
  - Published: Oct. 21, 2024
  - Modified: Oct. 29, 2024
- 5.5 MEDIUM CVE-2024-49979
  In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_l...
  - Affected Products: linux_kernel
  - Published: Oct. 21, 2024
  - Modified: Oct. 29, 2024
- 5.5 MEDIUM CVE-2024-49978
  In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, ...
  - Affected Products: linux_kernel
  - Published: Oct. 21, 2024
  - Modified: Oct. 29, 2024
- 5.8 MEDIUM CVE-2024-20481
  A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN ...
  - Actively Exploited
  - Published: Oct. 23, 2024
  - Modified: Oct. 29, 2024
- 9.8 CRITICAL CVE-2024-41618
  Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated ...
  - Affected Products:
  - Published: Oct. 24, 2024
  - Modified: Oct. 29, 2024
- 9.8 CRITICAL CVE-2024-41617
  Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allo...
  - Affected Products:
  - Published: Oct. 24, 2024
  - Modified: Oct. 29, 2024
- 6.1 MEDIUM CVE-2024-50575
  In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...
  - Affected Products: youtrack
  - Published: Oct. 28, 2024
  - Modified: Oct. 29, 2024
- 7.5 HIGH CVE-2024-10073
  A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possi...
  - Affected Products: flair
  - Published: Oct. 17, 2024
  - Modified: Oct. 29, 2024
- 5.4 MEDIUM CVE-2024-50576
  In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest...
  - Affected Products: youtrack
  - Published: Oct. 28, 2024
  - Modified: Oct. 29, 2024