Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-47828

    ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a req... Read more

    Affected Products : ampache
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-47767

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not ha... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-47766

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the conte... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-9548

    The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This ... Read more

    Affected Products : slimstat_analytics
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-9546

    The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution resul... Read more

    Affected Products : wpide
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43559

    Windows Mobile Broadband Driver Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43558

    Windows Mobile Broadband Driver Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43557

    Windows Mobile Broadband Driver Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-45738

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG loggi... Read more

    Affected Products : splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-45739

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at... Read more

    Affected Products : splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-45740

    In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result i... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-45741

    In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom conf... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.0

    HIGH
    CVE-2024-45731

    In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows Syst... Read more

    Affected Products : windows splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    HIGH
    CVE-2024-45732

    In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles cou... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.2

    HIGH
    CVE-2024-9466

    A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 9.3

    CRITICAL
    CVE-2024-9464

    An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API ke... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-47044

    Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-45733

    In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.... Read more

    Affected Products : windows splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-45734

    In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. ... Read more

    Affected Products : splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-45735

    In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value ... Read more

    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 291541 Results