Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-9622

    A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transitio... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-3057

    A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 7.5

    HIGH
    CVE-2024-25885

    An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 4.9

    MEDIUM
    CVE-2024-36814

    An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-41798

    A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass th... Read more

    Affected Products : sentron_pac3200_firmware
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 7.3

    HIGH
    CVE-2024-3506

    A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-8433

    The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and ou... Read more

    Affected Products : easy_mega_menu_plugin mega_menu
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 6.1

    MEDIUM
    CVE-2024-9207

    The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated att... Read more

    Affected Products : buddypress_docs
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 8.7

    HIGH
    CVE-2024-8626

    Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected product... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 3.1

    LOW
    CVE-2024-47780

    TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowe... Read more

    Affected Products : typo3
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 5.1

    MEDIUM
    CVE-2024-46886

    The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user ... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.1

    CRITICAL
    CVE-2024-45160

    Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.5

    MEDIUM
    CVE-2023-45359

    An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-9470

    A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.... Read more

    Affected Products : cortex_xsoar
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-38815

    VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.7

    MEDIUM
    CVE-2024-38817

    VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.6

    HIGH
    CVE-2024-47334

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection.This issue affects Zoho Flow for WordPress: from n/a through 2.7.1.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.0

    MEDIUM
    CVE-2024-47815

    IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editinc... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.0

    MEDIUM
    CVE-2024-47812

    ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone w... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.4

    HIGH
    CVE-2023-37154

    check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 291368 Results