Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-9381

    Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-47011

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47010

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-45148

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauth... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47009

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-47008

    Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-47007

    A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-8630

    Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.... Read more

    Affected Products : sibylla_firmware sibylla
    • Published: Sep. 27, 2024
    • Modified: Oct. 16, 2024

  • 6.7

    MEDIUM
    CVE-2024-37983

    Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2023-7260

    Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system.... Read more

    Affected Products : cx-e_voice
    • Published: Aug. 22, 2024
    • Modified: Oct. 16, 2024

  • 4.4

    MEDIUM
    CVE-2024-7489

    The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output e... Read more

    Affected Products : forms_for_mailchimp_by_optin_cat
    • Published: Oct. 12, 2024
    • Modified: Oct. 16, 2024

  • 5.9

    MEDIUM
    CVE-2024-48793

    An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 7.5

    HIGH
    CVE-2024-48771

    An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.5

    HIGH
    CVE-2024-48768

    An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-46215

    A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.3

    MEDIUM
    CVE-2024-44807

    A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-44415

    A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.... Read more

    Affected Products : di-8200_firmware
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-44413

    A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.... Read more

    Affected Products : di-8200_firmware
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-41858

    InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victi... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 14, 2024
    • Modified: Oct. 15, 2024

  • 7.5

    HIGH
    CVE-2024-48776

    An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 291293 Results