Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-9917

    A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024
  • 7.2

    HIGH
    CVE-2024-9918

    A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be in... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 19, 2024
  • 7.5

    HIGH
    CVE-2024-9820

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024
  • 8.8

    HIGH
    CVE-2024-9968

    WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended ... Read more

    Affected Products : webeip
    • Published: Oct. 15, 2024
    • Modified: Oct. 19, 2024
  • 7.2

    HIGH
    CVE-2024-45330

    A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 19, 2024
  • 7.2

    HIGH
    CVE-2024-9180

    A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11... Read more

    Affected Products : vault openbao
    • Published: Oct. 10, 2024
    • Modified: Oct. 18, 2024
  • 7.3

    HIGH
    CVE-2024-49390

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 7.8

    HIGH
    CVE-2024-49389

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 5.7

    MEDIUM
    CVE-2024-49386

    Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 7.3

    HIGH
    CVE-2024-49391

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 5.7

    MEDIUM
    CVE-2024-49392

    Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 8.1

    HIGH
    CVE-2024-33453

    Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 7.5

    HIGH
    CVE-2024-21274

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces... Read more

    Affected Products : weblogic_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 7.5

    HIGH
    CVE-2024-21260

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 7.5

    HIGH
    CVE-2024-21234

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 7.5

    HIGH
    CVE-2024-21246

    Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : service_bus
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 7.6

    HIGH
    CVE-2024-21191

    Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged at... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 7.5

    HIGH
    CVE-2024-21190

    Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with n... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 4.8

    MEDIUM
    CVE-2024-21235

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Ora... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
  • 9.8

    CRITICAL
    CVE-2024-21216

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 291513 Results