Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-48941

    The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.... Read more

    Affected Products : secure_login
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-45746

    An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument lis... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-25825

    FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 11, 2024

  • 5.3

    MEDIUM
    CVE-2024-47565

    A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker t... Read more

    Affected Products : sinec_security_monitor
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 6.9

    MEDIUM
    CVE-2024-47563

    A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticat... Read more

    Affected Products : sinec_security_monitor
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 9.3

    CRITICAL
    CVE-2024-47562

    A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, low... Read more

    Affected Products : sinec_security_monitor
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 9.9

    CRITICAL
    CVE-2024-47553

    A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged remote a... Read more

    Affected Products : sinec_security_monitor
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 5.4

    MEDIUM
    CVE-2024-47951

    In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings... Read more

    Affected Products : teamcity
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 5.4

    MEDIUM
    CVE-2024-47950

    In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings... Read more

    Affected Products : teamcity
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 7.5

    HIGH
    CVE-2024-47949

    In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location... Read more

    Affected Products : teamcity
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 7.5

    HIGH
    CVE-2024-47948

    In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups... Read more

    Affected Products : teamcity
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-47161

    In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API... Read more

    Affected Products : teamcity
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-44400

    A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.... Read more

    Affected Products : di-8400_firmware di-8400
    • Published: Sep. 04, 2024
    • Modified: Oct. 11, 2024

  • 7.1

    HIGH
    CVE-2024-45932

    Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.... Read more

    Affected Products : krayin_crm
    • Published: Oct. 07, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-46446

    Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.... Read more

    Affected Products : mecha
    • Published: Oct. 07, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-45115

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or ele... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024

  • 8.1

    HIGH
    CVE-2024-45116

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially craft... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024

  • 7.6

    HIGH
    CVE-2024-45117

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024

  • 6.5

    MEDIUM
    CVE-2024-45118

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass secu... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-45121

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass secu... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 291222 Results