Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-8310

    OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges....

    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 2.4

    LOW
    CVE-2024-42496

    Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device t...

    • Published: Sep. 30, 2024
    • Modified: Sep. 30, 2024
  • 8.7

    HIGH
    CVE-2024-6436

    An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, a...

    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 5.5

    MEDIUM
    CVE-2024-46769

    In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned valu...

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 30, 2024
  • 5.5

    MEDIUM
    CVE-2024-46797

    In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU mi...

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • 6.5

    MEDIUM
    CVE-2022-39068

    There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack....

    Affected Products : mf296r_firmware mf296r
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-39910

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being upload...

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024
  • 5.9

    MEDIUM
    CVE-2024-37985

    Windows Kernel Information Disclosure Vulnerability...

    Affected Products : windows_11_22h2 windows_11_23h2
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024
  • 4.9

    MEDIUM
    CVE-2024-43188

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation....

    Affected Products : business_automation_workflow
    • Published: Sep. 18, 2024
    • Modified: Sep. 29, 2024
  • 9.0

    CRITICAL
    CVE-2021-27915

    Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated acces...

    Affected Products : mautic
    • Published: Sep. 17, 2024
    • Modified: Sep. 29, 2024
  • 6.8

    MEDIUM
    CVE-2024-32034

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal, or ...

    Affected Products : decidim
    • Published: Sep. 16, 2024
    • Modified: Sep. 29, 2024
  • 7.5

    HIGH
    CVE-2024-45300

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times....

    Affected Products : alf
    • Published: Sep. 06, 2024
    • Modified: Sep. 29, 2024
  • 5.3

    MEDIUM
    CVE-2024-7734

    An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peer...

    • Published: Sep. 10, 2024
    • Modified: Sep. 28, 2024
  • 8.8

    HIGH
    CVE-2023-45038

    An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version...

    Affected Products : music_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
  • 8.8

    HIGH
    CVE-2023-47563

    An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video St...

    Affected Products : video_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
  • 8.8

    HIGH
    CVE-2023-50360

    A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Stati...

    Affected Products : video_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 28, 2024
  • 7.8

    HIGH
    CVE-2024-42025

    A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device....

    Affected Products : unifi_network_application
    • Published: Sep. 13, 2024
    • Modified: Sep. 28, 2024
  • 6.1

    MEDIUM
    CVE-2024-8054

    The MM-Breaking News WordPress plugin through 0.7.9 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : mm-breaking_news
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • 6.1

    MEDIUM
    CVE-2024-8056

    The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    Affected Products : mm-breaking_news
    • Published: Sep. 12, 2024
    • Modified: Sep. 27, 2024
  • 4.8

    MEDIUM
    CVE-2024-6493

    The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi...

    Affected Products : header_footer_custom_code
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024
Showing 20 of 291222 Results