Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-38016

    Microsoft Office Visio Remote Code Execution Vulnerability... Read more

    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024
  • 4.3

    MEDIUM
    CVE-2024-45619

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled ... Read more

    Affected Products : enterprise_linux opensc
    • Published: Sep. 03, 2024
    • Modified: Sep. 23, 2024
  • 7.2

    HIGH
    CVE-2022-25775

    Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manip... Read more

    Affected Products : mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 23, 2024
  • 5.4

    MEDIUM
    CVE-2022-25774

    Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.... Read more

    Affected Products : mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 23, 2024
  • 4.8

    MEDIUM
    CVE-2024-8660

    Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be e... Read more

    Affected Products : concrete_cms concrete5
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024
  • 5.3

    MEDIUM
    CVE-2024-45612

    Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrad... Read more

    Affected Products : contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024
  • 6.1

    MEDIUM
    CVE-2024-8951

    A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripti... Read more

    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024
  • 7.5

    HIGH
    CVE-2024-8948

    A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exp... Read more

    Affected Products : micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024
  • 8.8

    HIGH
    CVE-2024-8949

    A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to impro... Read more

    Affected Products : online_eyewear_shop
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024
  • 6.1

    MEDIUM
    CVE-2024-8653

    A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ ht... Read more

    Affected Products : netcat_content_management_system
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 6.1

    MEDIUM
    CVE-2024-8652

    A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ htt... Read more

    Affected Products : netcat_content_management_system
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 6.9

    MEDIUM
    CVE-2024-8651

    A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibl... Read more

    Affected Products : netcat_content_management_system
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 8.8

    HIGH
    CVE-2024-37339

    Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 23, 2024
  • 4.3

    MEDIUM
    CVE-2024-38221

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 8.8

    HIGH
    CVE-2024-43489

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 8.8

    HIGH
    CVE-2024-43496

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 9.8

    CRITICAL
    CVE-2024-9004

    A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possib... Read more

    Affected Products : dar-7000_firmware dar-7000
    • Published: Sep. 19, 2024
    • Modified: Sep. 23, 2024
  • 8.8

    HIGH
    CVE-2024-37340

    Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 23, 2024
  • 8.8

    HIGH
    CVE-2024-37338

    Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 23, 2024
  • 7.1

    HIGH
    CVE-2024-37337

    Microsoft SQL Server Native Scoring Information Disclosure Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 23, 2024
Showing 20 of 291058 Results