Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-34672

    Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 7.5

    HIGH
    CVE-2024-25885

    An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 5.1

    MEDIUM
    CVE-2024-46886

    The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user ... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 2.9

    LOW
    CVE-2024-47813

    Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type regis... Read more

    Affected Products : wasmtime
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 9.1

    CRITICAL
    CVE-2024-45160

    Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.7

    MEDIUM
    CVE-2024-38817

    VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.6

    HIGH
    CVE-2024-47334

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection.This issue affects Zoho Flow for WordPress: from n/a through 2.7.1.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.4

    HIGH
    CVE-2024-9412

    An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 6.0

    MEDIUM
    CVE-2024-47815

    IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editinc... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.0

    MEDIUM
    CVE-2024-47812

    ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone w... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.7

    HIGH
    CVE-2024-39525

    An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and re... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-47832

    ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits... Read more

    Affected Products : ssoready
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.7

    HIGH
    CVE-2024-39515

    An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause r... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-47763

    Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was co... Read more

    Affected Products : wasmtime
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.7

    MEDIUM
    CVE-2024-38818

    VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-7963

    The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied ... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9449

    The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : auto_iframe
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-9451

    The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-38815

    VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.2

    HIGH
    CVE-2024-9468

    A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this ... Read more

    Affected Products : pan-os prisma_access
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 292212 Results