Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-7015

    Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2....

    Affected Products : passbox
    • Published: Sep. 09, 2024
    • Modified: Sep. 23, 2024
  • 7.5

    HIGH
    CVE-2024-37068

    IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques....

    Affected Products : maximo_application_suite
    • Published: Sep. 07, 2024
    • Modified: Sep. 21, 2024
  • 6.5

    MEDIUM
    CVE-2024-35136

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307....

    Affected Products : db2
    • Published: Aug. 14, 2024
    • Modified: Sep. 21, 2024
  • 8.2

    HIGH
    CVE-2024-35133

    IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could ex...

    • Published: Aug. 29, 2024
    • Modified: Sep. 21, 2024
  • 6.5

    MEDIUM
    CVE-2024-31882

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user....

    Affected Products : db2
    • Published: Aug. 14, 2024
    • Modified: Sep. 21, 2024
  • 7.5

    HIGH
    CVE-2024-28799

    IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the ...

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Aug. 14, 2024
    • Modified: Sep. 21, 2024
  • 7.5

    HIGH
    CVE-2023-47728

    IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This informa...

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Aug. 16, 2024
    • Modified: Sep. 21, 2024
  • 8.1

    HIGH
    CVE-2022-43915

    IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access...

    • Published: Aug. 24, 2024
    • Modified: Sep. 21, 2024
  • 4.7

    MEDIUM
    CVE-2022-38382

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: ...

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Aug. 13, 2024
    • Modified: Sep. 21, 2024
  • 8.8

    HIGH
    CVE-2024-38877

    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data M...

    • Published: Aug. 02, 2024
    • Modified: Sep. 20, 2024
  • 9.8

    CRITICAL
    CVE-2024-38879

    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public net...

    Affected Products : omnivise_t3000_application_server
    • Published: Aug. 02, 2024
    • Modified: Sep. 20, 2024
  • 9.1

    CRITICAL
    CVE-2024-8875

    A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched rem...

    Affected Products : wcms
    • Published: Sep. 15, 2024
    • Modified: Sep. 20, 2024
  • 9.3

    CRITICAL
    CVE-2024-8752

    The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system....

    Affected Products : windows webiq
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024
  • 9.8

    CRITICAL
    CVE-2024-45595

    D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is t...

    Affected Products : d-tale
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
  • 8.2

    HIGH
    CVE-2024-45592

    auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in ...

    Affected Products : auditor-bundle
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
  • 5.3

    MEDIUM
    CVE-2024-45591

    XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the...

    Affected Products : xwiki
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
  • 6.5

    MEDIUM
    CVE-2024-31490

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get req...

    Affected Products : fortisandbox
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
  • 7.3

    HIGH
    CVE-2024-33508

    An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary opera...

    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
  • 4.6

    MEDIUM
    CVE-2024-35282

    A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical a...

    Affected Products : forticlient forticlientios
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
  • 3.7

    LOW
    CVE-2024-36511

    An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when c...

    Affected Products : fortiadc
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 291058 Results