Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.0

    MEDIUM
    CVE-2024-45745

    TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721)....

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 8.8

    HIGH
    CVE-2024-46441

    An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is...

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 7.0

    HIGH
    CVE-2024-39364

    Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP req...

    Affected Products : adam-5630_firmware
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 5.3

    MEDIUM
    CVE-2024-9276

    A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the a...

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 4.8

    MEDIUM
    CVE-2024-9283

    A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The e...

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 9.2

    CRITICAL
    CVE-2024-22170

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers. This issue affects My Cloud: before 5.29.102....

    Affected Products : my_cloud_firmware
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 5.8

    MEDIUM
    CVE-2024-9278

    A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of t...

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 7.5

    HIGH
    CVE-2024-45773

    A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00....

    Affected Products : thrift
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 6.5

    MEDIUM
    CVE-2024-9294

    A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username l...

    Affected Products : dingfanzu
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 5.3

    MEDIUM
    CVE-2024-45863

    A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00....

    Affected Products : thrift
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 6.5

    MEDIUM
    CVE-2024-9275

    A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack ma...

    Affected Products : 123solar
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 5.5

    MEDIUM
    CVE-2024-46769

    In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned valu...

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 30, 2024
  • 5.5

    MEDIUM
    CVE-2024-46797

    In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU mi...

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • 6.5

    MEDIUM
    CVE-2022-39068

    There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack....

    Affected Products : mf296r_firmware mf296r
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-39910

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being upload...

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024
  • 5.9

    MEDIUM
    CVE-2024-37985

    Windows Kernel Information Disclosure Vulnerability...

    Affected Products : windows_11_22h2 windows_11_23h2
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024
  • 4.9

    MEDIUM
    CVE-2024-43188

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation....

    Affected Products : business_automation_workflow
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • 9.0

    CRITICAL
    CVE-2021-27915

    Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated acces...

    Affected Products : mautic
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024
  • 6.8

    MEDIUM
    CVE-2024-32034

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal, or ...

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024
  • 7.5

    HIGH
    CVE-2024-45300

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times....

    Affected Products : alf
    • Published: Sep. 06, 2024
    • Modified: Sep. 29, 2024
Showing 20 of 291117 Results