Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-45863

    A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00.... Read more

    Affected Products : thrift
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.2

    CRITICAL
    CVE-2024-3373

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 5.0

    MEDIUM
    CVE-2024-45745

    TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-8310

    OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 5.3

    MEDIUM
    CVE-2024-9160

    In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-9275

    A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack ma... Read more

    Affected Products : 123solar
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 7.5

    HIGH
    CVE-2024-45773

    A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.... Read more

    Affected Products : thrift
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 7.3

    HIGH
    CVE-2024-40509

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 5.5

    MEDIUM
    CVE-2024-46769

    In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned valu... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 30, 2024

  • 5.5

    MEDIUM
    CVE-2024-46797

    In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU mi... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024

  • 6.5

    MEDIUM
    CVE-2022-39068

    There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.... Read more

    Affected Products : mf296r_firmware mf296r
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-39910

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being upload... Read more

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-37985

    Windows Kernel Information Disclosure Vulnerability... Read more

    Affected Products : windows_11_22h2 windows_11_23h2
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024

  • 4.9

    MEDIUM
    CVE-2024-43188

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.... Read more

    Affected Products : business_automation_workflow
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024

  • 9.0

    CRITICAL
    CVE-2021-27915

    Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated acces... Read more

    Affected Products : mautic
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024

  • 6.8

    MEDIUM
    CVE-2024-32034

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or ... Read more

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024

  • 7.5

    HIGH
    CVE-2024-45300

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times.... Read more

    Affected Products : alf
    • Published: Sep. 06, 2024
    • Modified: Sep. 29, 2024

  • 5.3

    MEDIUM
    CVE-2024-7734

    An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peer... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 28, 2024

  • 8.8

    HIGH
    CVE-2023-45038

    An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version... Read more

    Affected Products : music_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024

  • 8.8

    HIGH
    CVE-2023-47563

    An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video St... Read more

    Affected Products : video_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
Showing 20 of 291209 Results