Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-7961

    A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.... Read more

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8782

    A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. ... Read more

    Affected Products : jfinalcms
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 8.2

    HIGH
    CVE-2024-5754

    BT: Encryption procedure host vulnerability... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 6.8

    MEDIUM
    CVE-2024-6258

    BT: Missing length checks of net_buf in rfcomm_handle_data... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-8783

    A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads ... Read more

    Affected Products : myaac
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-8784

    A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] wit... Read more

    Affected Products : smart_school
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-44430

    SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface... Read more

    Affected Products : best_free_law_office_management
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-5931

    BT: Unchecked user input in bap_broadcast_assistant... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-6135

    BT:Classic: Multiple missing buf length checks... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-6259

    BT: HCI: adv_ext_report Improper discarding in adv_ext_report... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-6137

    BT: Classic: SDP OOB access in get_att_search_list... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.4

    HIGH
    CVE-2021-38133

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2021-38132

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 6.1

    MEDIUM
    CVE-2021-38131

    Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-8750

    Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,t... Read more

    Affected Products : i-doit
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 9.3

    CRITICAL
    CVE-2024-34334

    ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.... Read more

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-34335

    ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.... Read more

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 10.0

    CRITICAL
    CVE-2024-27115

    A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements... Read more

    Affected Products : soplanning
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-34336

    User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.... Read more

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 8.8

    HIGH
    CVE-2024-45181

    An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.... Read more

    Affected Products : windows wibukey
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
Showing 20 of 291002 Results