Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-8869

    A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. T... Read more

    Affected Products : a720r_firmware a720r
    • Published: Sep. 15, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-8876

    A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The... Read more

    Affected Products : tpmecms tpmecms
    • Published: Sep. 15, 2024
    • Modified: Sep. 20, 2024

  • 6.7

    MEDIUM
    CVE-2024-20469

    A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerabi... Read more

    Affected Products : identity_services_engine
    • Published: Sep. 04, 2024
    • Modified: Sep. 20, 2024

  • 5.0

    MEDIUM
    CVE-2024-43799

    Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.... Read more

    Affected Products : send
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 4.7

    MEDIUM
    CVE-2024-21906

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability ... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-32763

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulner... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-8880

    A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of t... Read more

    Affected Products : playsms
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.8

    HIGH
    CVE-2023-39298

    A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform vi... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 2.6

    LOW
    CVE-2024-32771

    An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary n... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-8776

    SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.... Read more

    Affected Products : smartrobot_firmware smartrobot
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.4

    CRITICAL
    CVE-2024-8963

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.... Read more

    • Actively Exploited
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-45590

    body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in d... Read more

    Affected Products : body-parser
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 4.3

    MEDIUM
    CVE-2024-45323

    An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organiz... Read more

    Affected Products : fortiedrmanager
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-45407

    Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing... Read more

    Affected Products : sunshine
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 5.0

    MEDIUM
    CVE-2024-43796

    Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.... Read more

    Affected Products : express express
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46690

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfs... Read more

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46689

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-8862

    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query l... Read more

    Affected Products : h2o
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-8863

    A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site... Read more

    Affected Products : aim
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024

  • 6.9

    MEDIUM
    CVE-2024-8866

    A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remot... Read more

    Affected Products : autocms
    • Published: Sep. 15, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 291009 Results