Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-47559

    Authenticated RCE via Path Traversal...

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2024-47558

    Authenticated RCE via Path Traversal...

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-45382

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.8

    HIGH
    CVE-2024-37982

    Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability...

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-43697

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.8

    HIGH
    CVE-2024-37979

    Windows Kernel Elevation of Privilege Vulnerability...

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-43696

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-47556

    Pre-Auth RCE via Path Traversal...

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    MEDIUM
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-47557

    Pre-Auth RCE via Path Traversal...

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 8.4

    HIGH
    CVE-2024-35520

    Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter....

    Affected Products : r7000_firmware r7000
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 8.2

    HIGH
    CVE-2024-8977

    An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF a...

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
  • 5.3

    MEDIUM
    CVE-2024-9596

    An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a Git...

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
  • 6.5

    MEDIUM
    CVE-2024-9623

    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository....

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
  • 5.4

    MEDIUM
    CVE-2024-48902

    In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API...

    Affected Products : youtrack
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-9201

    The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint....

    Affected Products : seur
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
  • 7.3

    HIGH
    CVE-2024-6530

    A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to rend...

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
  • 6.7

    MEDIUM
    CVE-2024-39831

    in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-39806

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 6.9

    MEDIUM
    CVE-2024-47840

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X ...

    Affected Products : apex
    • Published: Oct. 05, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 291384 Results