Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-47124

    The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption fo... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-47122

    In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadc... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-43814

    The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 7.3

    HIGH
    CVE-2024-43362

    Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-9818

    A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9817

    A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 8.2

    HIGH
    CVE-2024-43364

    Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.p... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-9925

    SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘Reque... Read more

    Affected Products : qplant_sf
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9981

    The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code... Read more

    Affected Products : ee-class
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9980

    The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.... Read more

    Affected Products : ee-class
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-43363

    Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need ... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 2.4

    LOW
    CVE-2024-48909

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their re... Read more

    Affected Products : spicedb
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.6

    HIGH
    CVE-2024-46898

    SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.... Read more

    Affected Products : shirasagi
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-43541

    Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43542

    Windows Mobile Broadband Driver Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-48779

    An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    HIGH
    CVE-2023-7294

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for ... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 6.2

    MEDIUM
    CVE-2024-39440

    In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 t606 t610 t612 t616 t618 t760 t770 t820
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2023-7293

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible ... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2023-7292

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possibl... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 291401 Results