Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-7341

    A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijac... Read more

    • Published: Sep. 09, 2024
    • Modified: Oct. 04, 2024

  • 8.6

    HIGH
    CVE-2024-20467

    A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to im... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.6

    HIGH
    CVE-2024-20480

    A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of se... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7732

    Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : dr.id_attendance_system
    • Published: Aug. 14, 2024
    • Modified: Oct. 03, 2024

  • 7.8

    HIGH
    CVE-2024-44967

    In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector s... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-8536

    The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored... Read more

    Affected Products : ultimate_blocks
    • Published: Sep. 30, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23923

    Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploi... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23935

    Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ab... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.8

    MEDIUM
    CVE-2024-23961

    Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.8

    MEDIUM
    CVE-2024-23924

    Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not requir... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 4.6

    MEDIUM
    CVE-2024-23960

    Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required ... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44968

    In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptib... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 7.4

    HIGH
    CVE-2024-20317

    A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-20475

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vu... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23958

    Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charg... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23959

    Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger A... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44969

    In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23957

    Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Eli... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23967

    Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharge... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 4.3

    MEDIUM
    CVE-2024-8910

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authe... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024
Showing 20 of 291219 Results