Latest CVE Feed
-
5.5
MEDIUM CVE-2024-46706
In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel sometimes boot hang. It is because normal console still ...
Affected Products : linux_kernel
- Published: Sep. 13, 2024
- Modified: Sep. 19, 2024
-
4.4
MEDIUM CVE-2024-8006
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesyste...
Affected Products : libpcap
- Published: Aug. 31, 2024
- Modified: Sep. 19, 2024
-
5.8
MEDIUM CVE-2024-8304
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal...
Affected Products : jpress
- Published: Aug. 29, 2024
- Modified: Sep. 19, 2024
-
6.5
MEDIUM CVE-2024-45304
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It in...
Affected Products : contracts
- Published: Aug. 31, 2024
- Modified: Sep. 19, 2024
-
4.3
MEDIUM CVE-2024-6053
Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior to version 15.57 and TeamViewer Meeting prior to version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting....
- Published: Aug. 28, 2024
- Modified: Sep. 19, 2024
-
7.3
HIGH CVE-2024-8260
An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA...
- Published: Aug. 30, 2024
- Modified: Sep. 19, 2024
-
4.6
MEDIUM CVE-2024-35118
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device....
- Published: Aug. 29, 2024
- Modified: Sep. 19, 2024
-
8.3
HIGH CVE-2024-6204
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module....
Affected Products : manageengine_exchange_reporter_plus
- Published: Aug. 30, 2024
- Modified: Sep. 19, 2024
-
8.1
HIGH CVE-2024-8334
A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutral...
Affected Products : sweet-cms
- Published: Aug. 30, 2024
- Modified: Sep. 19, 2024
-
9.8
CRITICAL CVE-2024-8335
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the att...
Affected Products : rapidcms
- Published: Aug. 30, 2024
- Modified: Sep. 19, 2024
-
8.1
HIGH CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for t...
Affected Products : eclipse_dataspace_components
- Published: Sep. 11, 2024
- Modified: Sep. 19, 2024
-
7.5
HIGH CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can ...
Affected Products : hoverfly
- Published: Sep. 02, 2024
- Modified: Sep. 19, 2024
-
7.8
HIGH CVE-2024-41869
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...
- Published: Sep. 13, 2024
- Modified: Sep. 19, 2024
-
7.8
HIGH CVE-2024-45112
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource i...
- Published: Sep. 13, 2024
- Modified: Sep. 19, 2024
-
8.8
HIGH CVE-2024-3305
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android....
Affected Products : soliclub
- Published: Sep. 12, 2024
- Modified: Sep. 19, 2024
-
8.8
HIGH CVE-2024-3306
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android....
Affected Products : soliclub
- Published: Sep. 12, 2024
- Modified: Sep. 19, 2024
-
8.8
HIGH CVE-2024-5546
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL Injection vulnerability via a global search option....
- Published: Aug. 28, 2024
- Modified: Sep. 19, 2024
-
8.7
HIGH CVE-2024-7269
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to c...
Affected Products : esp_hr_management
- Published: Aug. 28, 2024
- Modified: Sep. 19, 2024
-
8.7
HIGH CVE-2024-6077
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover....
Affected Products : compactlogix_5380_firmware controllogix_5580_firmware compactlogix_5480_firmware guardlogix_5580_firmware compactlogix_5380 compact_guardlogix_5380_sil_2_firmware compact_guardlogix_5380_sil_2 compact_guardlogix_5380_sil_3_firmware compact_guardlogix_5380_sil_3 compactlogix_5480 +6 more products
- Published: Sep. 12, 2024
- Modified: Sep. 19, 2024
-
9.8
CRITICAL CVE-2024-27114
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is ...
Affected Products : soplanning
- Published: Sep. 11, 2024
- Modified: Sep. 19, 2024