Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.6

    HIGH
    CVE-2024-6135

    BT:Classic: Multiple missing buf length checks...

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 7.6

    HIGH
    CVE-2024-6259

    BT: HCI: adv_ext_report Improper discarding in adv_ext_report...

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 7.6

    HIGH
    CVE-2024-6137

    BT: Classic: SDP OOB access in get_att_search_list...

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024
  • 7.4

    HIGH
    CVE-2021-38133

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000....

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 9.8

    CRITICAL
    CVE-2021-38132

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000....

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 6.1

    MEDIUM
    CVE-2021-38131

    Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000....

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 6.1

    MEDIUM
    CVE-2024-8750

    Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,t...

    Affected Products : i-doit
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 9.3

    CRITICAL
    CVE-2024-34334

    ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function....

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 6.1

    MEDIUM
    CVE-2024-34335

    ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page....

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 10.0

    CRITICAL
    CVE-2024-27115

    An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements...

    Affected Products : soplanning
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
  • 5.3

    MEDIUM
    CVE-2024-34336

    User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality....

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 8.8

    HIGH
    CVE-2024-45181

    An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption....

    Affected Products : windows wibukey
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 6.1

    MEDIUM
    CVE-2024-45303

    Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s d...

    Affected Products : discourse_calendar calendar
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 6.1

    MEDIUM
    CVE-2024-8646

    In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applica...

    Affected Products : glassfish
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
  • 8.7

    HIGH
    CVE-2024-45786

    This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead...

    Affected Products : aim-star
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
  • 8.7

    HIGH
    CVE-2024-45788

    This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endp...

    Affected Products : aim-star
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
  • 6.9

    MEDIUM
    CVE-2024-45789

    This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating param...

    Affected Products : aim-star
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
  • 7.8

    HIGH
    CVE-2024-8306

    CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when a non-admin authenticated user tries to perform privilege escalation by tampering w...

    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
  • 6.7

    MEDIUM
    CVE-2024-38483

    Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution....

    • Published: Aug. 14, 2024
    • Modified: Sep. 18, 2024
  • 7.8

    HIGH
    CVE-2024-39378

    Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ...

    Affected Products : mac_os_x windows audition
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024
Showing 20 of 290994 Results