Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-44729

    Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting....

    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024
  • 7.7

    HIGH
    CVE-2024-43687

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7....

    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 7.1

    HIGH
    CVE-2024-38097

    Azure Monitor Agent Elevation of Privilege Vulnerability...

    Affected Products : azure_monitor_agent
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    HIGH
    CVE-2024-38029

    Microsoft OpenSSH for Windows Remote Code Execution Vulnerability...

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    MEDIUM
    CVE-2024-43686

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7....

    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 8.2

    HIGH
    CVE-2024-43365

    Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected ...

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45291

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedIm...

    Affected Products : phpexcel phpspreadsheet
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-46532

    SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component....

    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-10018

    Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component....

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 8.4

    HIGH
    CVE-2024-38399

    Memory corruption while processing user packets to generate page faults....

    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 7.3

    HIGH
    CVE-2024-47194

    A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated loc...

    Affected Products : modelsim questa
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.3

    HIGH
    CVE-2024-47195

    A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticate...

    Affected Products : modelsim questa
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.8

    HIGH
    CVE-2024-8422

    CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when an application user opens a malicious Zelio Soft 2 project file....

    Affected Products : zelio_soft_2
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 8.7

    HIGH
    CVE-2024-8215

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, fr...

    Affected Products : payara
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 6.7

    MEDIUM
    CVE-2024-37976

    Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability...

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2024-47559

    Authenticated RCE via Path Traversal...

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2024-47558

    Authenticated RCE via Path Traversal...

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-45382

    OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DoS through out-of-bounds write....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 7.8

    HIGH
    CVE-2024-37982

    Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability...

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-43697

    OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DoS through improper input....

    Affected Products : openharmony
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 291419 Results