Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-9464

    An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API ke... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-47044

    Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-45733

    In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.... Read more

    Affected Products : windows splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-45734

    In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. ... Read more

    Affected Products : splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-45735

    In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value ... Read more

    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-45736

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-45737

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of Ap... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 8.7

    HIGH
    CVE-2024-39516

    An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, ... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-9894

    A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the att... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 12, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-9905

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sq... Read more

    Affected Products : online_eyewear_shop
    • Published: Oct. 13, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-9906

    A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site sc... Read more

    Affected Products : online_eyewear_shop
    • Published: Oct. 13, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9916

    A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. Th... Read more

    Affected Products : usualtoolcms
    • Published: Oct. 13, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-9983

    Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9984

    Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-9985

    Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 7.1

    HIGH
    CVE-2024-43581

    Microsoft OpenSSH for Windows Remote Code Execution Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.8

    HIGH
    CVE-2024-43576

    Microsoft Office Remote Code Execution Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-43575

    Windows Hyper-V Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.3

    HIGH
    CVE-2024-43571

    Sudo for Windows Spoofing Vulnerability... Read more

    Affected Products : windows_11_24h2
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 7.0

    HIGH
    CVE-2024-43570

    Windows Kernel Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 291526 Results