Latest CVE Feed
- CVE-2024-41868 | 5.5 MEDIUM
  Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu...
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
- CVE-2024-8708 | 6.1 MEDIUM
  A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be...
  Affected Products: best_house_rental_management_system
  Published: Sep. 12, 2024 | Modified: Sep. 18, 2024
- 6.5 MEDIUM
  Published: Sep. 12, 2024 | Modified: Sep. 18, 2024
- CVE-2024-20430 | 7.3 HIGH
  A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at r...
  Affected Products: meraki_systems_manager
  Published: Sep. 12, 2024 | Modified: Sep. 18, 2024
- CVE-2023-48171 | 8.8 HIGH
  An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
  Affected Products: defectdojo
  Published: Aug. 12, 2024 | Modified: Sep. 18, 2024
- CVE-2024-8749 | 8.8 HIGH
  SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and...
  Affected Products: i-doit
  Published: Sep. 12, 2024 | Modified: Sep. 18, 2024
- CVE-2024-41475 | 9.8 CRITICAL
  Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
  Affected Products: gnuboard
  Published: Aug. 12, 2024 | Modified: Sep. 18, 2024
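The Gnuboard entry names the bug class but not the mechanism. The usual shape of a CORS misconfiguration that enables session hijacking is a server that echoes whatever `Origin` header it receives while also sending `Access-Control-Allow-Credentials: true`, which lets a page on any domain read responses that carry the victim's session cookie. The following is an added illustration of that class, not Gnuboard's code: the allowlist, the `ALLOWED_ORIGINS` names and the helper functions are assumptions made for the example.

```python
# Added example: reflective CORS (vulnerable) next to an exact-match allowlist (hardened).
# Not Gnuboard code; origins and function names are constructed for the demo.
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment lists its own scheme-qualified origins.
ALLOWED_ORIGINS = {"https://forum.example", "https://admin.forum.example"}


def cors_headers_reflective(origin: str) -> dict:
    """Misconfigured: echoes any Origin the browser sent and also allows credentials.
    Browsers reject '*' together with credentials, so echoing is how this bug usually appears."""
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_allowlisted(origin: str) -> dict:
    """Hardened: only an exact, https, scheme-qualified origin from the allowlist is reflected.
    Substring or prefix matching (e.g. 'forum.example' in origin) would still be bypassable."""
    if not origin:
        return {}
    parts = urlsplit(origin)
    # An Origin header carries scheme and host only; anything else (path, query, userinfo,
    # the literal 'null', a non-https scheme) is refused outright.
    if parts.scheme != "https" or parts.path or parts.query or "@" in parts.netloc:
        return {}
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    if normalized not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        # Tell caches the response depends on Origin so one origin's answer is not served to another.
        "Vary": "Origin",
    }


def is_exploitable(headers: dict, attacker_origin: str) -> bool:
    """Check a response the way a cross-origin page at attacker_origin would be judged by the browser:
    the credentialed response is readable only if ACAO exactly equals that origin."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials") == "true"
    return creds and acao == attacker_origin
```

`is_exploitable` is the check to run against a captured response when triaging a report like this: send a request with an arbitrary `Origin`, and if the reply echoes it alongside `Access-Control-Allow-Credentials: true`, any authenticated endpoint on that host is readable cross-site.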
- CVE-2024-27113 | 9.8 CRITICAL
  An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by ex...
  Affected Products: soplanning
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
- CVE-2024-27112 | 9.8 CRITICAL
  An unauthenticated SQL injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in versio...
  Affected Products: soplanning
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
- CVE-2024-45790 | 9.8 CRITICAL
  This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legit...
  Affected Products: aim-star
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
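The aiM-Star entry above is the classic "no limit on failed logins" weakness (CWE-307). The fix is not stronger passwords but a server-side counter that refuses further attempts once a threshold is crossed, keyed both on the account and on the source so a single IP cannot spray many accounts. The following is an added example of such a throttle, not aiM-Star's code: the `LoginService` class, the constructed `USERS` store, the thresholds and the injectable `clock` are all assumptions made for the demo.

```python
# Added example: an API login with per-account and per-source failure counting and lockout.
# Not aiM-Star code; the credential store, thresholds and class names are constructed for the demo.
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed credential store: username -> PBKDF2-SHA256 hash (fixed salt only to keep the demo short;
# production stores a per-user random salt alongside the hash).
_SALT = b"demo-salt"


def _hash(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 10_000)


USERS = {"alice": _hash("correct horse battery staple")}


class LoginService:
    """Counts failures per account and per source address inside a sliding window and
    locks either key out once max_failures is reached. `clock` is injectable for testing."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(list)  # key -> timestamps of recent failures
        self._locked_until = {}             # key -> time at which the lock expires

    def _is_locked(self, key: str) -> bool:
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: clear it and the failure history that caused it.
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def _record_failure(self, key: str) -> None:
        now = self.clock()
        recent = [t for t in self._failures[key] if now - t < self.window]
        recent.append(now)
        self._failures[key] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout

    def login(self, username: str, password: str, source_ip: str) -> str:
        """Returns 'ok', 'denied' or 'locked'. A locked key refuses even the correct password,
        which is what stops an online brute force from ever completing."""
        keys = (f"user:{username}", f"ip:{source_ip}")
        if any(self._is_locked(k) for k in keys):
            return "locked"
        stored = USERS.get(username)
        # Hash the candidate even for unknown users so response timing does not reveal
        # which usernames exist, and compare in constant time.
        candidate = _hash(password)
        ok = stored is not None and hmac.compare_digest(stored, candidate)
        if ok:
            for k in keys:
                self._failures.pop(k, None)
            return "ok"
        for k in keys:
            self._record_failure(k)
        return "denied"


def run_guess_list(service: LoginService, username: str, guesses: list, source_ip: str) -> list:
    """Attacker side: submit a wordlist in order and collect the outcome of each attempt."""
    return [service.login(username, g, source_ip) for g in guesses]
```

With the default threshold of five, a wordlist whose sixth entry is the real password never gets that entry checked: the service answers `locked` before comparing it. Real deployments pair this with alerting on the lockout event and a CAPTCHA or exponential backoff rather than a hard lock alone, since a hard lock on the account key also lets an attacker deny service to legitimate users.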
- CVE-2024-42485 | 7.5 HIGH
  Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the URL. Patched with Version v2.3.3.
  Affected Products: filament_excel
  Published: Aug. 12, 2024 | Modified: Sep. 18, 2024
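The Filament Excel entry describes a download route that joins a URL path parameter onto a storage directory and serves whatever results, so `../` walks out of that directory. The durable fix is to canonicalise the joined path and require that it still lies inside the intended root, rather than to filter `..` strings. The following is an added illustration of that class and its check, not the Filament Excel code: the `EXPORT_ROOT` directory and the function names are assumptions made for the example.

```python
# Added example: vulnerable path join next to a containment check for a download route.
# Not Filament Excel code; EXPORT_ROOT and the helper names are constructed for the demo.
import os
from urllib.parse import unquote

# Constructed storage directory the route is meant to serve files from.
EXPORT_ROOT = "/var/www/app/storage/exports"


def resolve_unsafe(path_param: str) -> str:
    """Vulnerable: joins the user-controlled segment onto the root and trusts the result.
    normpath collapses '..' so '../../etc/passwd' escapes the export directory."""
    return os.path.normpath(os.path.join(EXPORT_ROOT, path_param))


def resolve_safe(path_param: str):
    """Hardened: decode, refuse obviously hostile input, canonicalise (symlinks included),
    then require the result to be inside EXPORT_ROOT. Returns the path or None to refuse."""
    # The web server normally decodes the URL once; decoding here covers frameworks that pass
    # the raw segment through. The containment check below is what actually protects us.
    decoded = unquote(path_param)
    if not decoded or "\x00" in decoded or os.path.isabs(decoded):
        # os.path.join discards the root when the second argument is absolute, so an
        # absolute parameter must never reach the join.
        return None
    root = os.path.realpath(EXPORT_ROOT)
    candidate = os.path.realpath(os.path.join(root, decoded))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # different drives on Windows: cannot be inside
        inside = False
    return candidate if inside else None


def traversal_attempts() -> list:
    """Constructed request samples: (path parameter, should the hardened resolver refuse it)."""
    return [
        ("reports/q3.xlsx", False),
        ("reports/../q3.xlsx", False),            # stays inside the root after normalisation
        ("../../../../../etc/passwd", True),
        ("..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd", True),
        ("/etc/passwd", True),
        ("reports/../../secret.txt", True),       # one level above the root
        ("ok.xlsx\x00.txt", True),
    ]


def audit() -> bool:
    """Runs every sample through resolve_safe and reports whether the decisions match expectations."""
    return all((resolve_safe(p) is None) == refuse for p, refuse in traversal_attempts())
```

Note that `resolve_safe("reports/../q3.xlsx")` is accepted: a `..` that does not leave the root is harmless, which is why the check is on the canonical result rather than on the presence of the string. Serving through a path that has been realpath-resolved also means a symlink planted inside the export directory cannot point out of it.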
- CVE-2024-8144 | 6.1 MEDIUM
  A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be l...
  Published: Aug. 25, 2024 | Modified: Sep. 18, 2024
- CVE-2024-38270 | 6.5 MEDIUM
  An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-base...
  Published: Sep. 10, 2024 | Modified: Sep. 18, 2024
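The Zyxel entry is about session tokens drawn from a low-entropy source. What makes that exploitable is that the token is then reproducible by anyone who can enumerate the small seed space: an attacker who sees one token (or just knows roughly when the device booted) replays the generator over the candidate seeds and predicts every token it will hand out. The following is an added illustration of that class with a deterministic PRNG seeded from a second-resolution clock; it is not the firmware's generator, and the seeding scheme, window size and function names are assumptions made for the demo.

```python
# Added example: a clock-seeded PRNG token (weak) next to an OS CSPRNG token (strong), plus the
# attacker-side seed recovery that makes the weak one predictable. Not Zyxel firmware code.
import random
import secrets

TOKEN_BYTES = 16


def issue_tokens_weak(seed: int, n: int) -> list:
    """Server side (weak): one guessable seed, e.g. seconds since the epoch at boot, then every
    session token is drawn from the same Mersenne Twister stream. 128 bits of output, but the
    whole stream is determined by the seed, so the real entropy is the seed space."""
    rng = random.Random(seed)
    return [rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex() for _ in range(n)]


def issue_token_strong() -> str:
    """Server side (hardened): the OS CSPRNG; each token carries its full 128 bits of entropy
    and knowing earlier tokens says nothing about later ones."""
    return secrets.token_hex(TOKEN_BYTES)


def recover_seed(observed_token: str, window_start: int, window_end: int):
    """Attacker side: replay each candidate seed until the first token matches the one observed.
    Cost is linear in the seed window (here a few thousand), not in the token length."""
    for seed in range(window_start, window_end + 1):
        if issue_tokens_weak(seed, 1)[0] == observed_token:
            return seed
    return None


def predict_following_tokens(seed: int, already_seen: int, count: int) -> list:
    """Attacker side: with the seed known, regenerate the stream and skip the tokens
    already handed out to get the ones other users will receive next."""
    return issue_tokens_weak(seed, already_seen + count)[already_seen:]


def demo(boot_time: int = 1_725_900_000) -> dict:
    """Constructed scenario: device seeded at boot_time, attacker knows boot was within +/- 1 hour."""
    tokens = issue_tokens_weak(boot_time, 3)          # tokens the device hands out
    seed = recover_seed(tokens[0], boot_time - 3600, boot_time + 3600)
    predicted = predict_following_tokens(seed, 1, 2) if seed is not None else []
    return {"seed": seed, "recovered": seed == boot_time, "predicted_match": predicted == tokens[1:]}
```

The same attack shape applies whenever the seed space is small, whatever the PRNG: `rand()` seeded with `time()`, a process ID, or a counter. The remedy is the one `issue_token_strong` shows, a kernel-backed CSPRNG for anything that acts as a credential, and never a user-space PRNG however it is seeded.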
- CVE-2024-45787 | 8.7 HIGH
  This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API reque...
  Affected Products: aim-star
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
- CVE-2024-7727 | 5.3 MEDIUM
  The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and ...
  Affected Products: html5_video_player
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
- CVE-2024-8517 | 9.8 CRITICAL
  SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
  Affected Products: spip
  Published: Sep. 06, 2024 | Modified: Sep. 18, 2024
- CVE-2024-7721 | 4.3 MEDIUM
  The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes i...
  Affected Products: html5_video_player
  Published: Sep. 11, 2024 | Modified: Sep. 18, 2024
- CVE-2024-45041 | 8.8 HIGH
  External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has...
  Affected Products: external_secrets_operator
  Published: Sep. 09, 2024 | Modified: Sep. 18, 2024
- CVE-2024-8611 | 9.8 CRITICAL
  A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack...
  Affected Products: tailoring_management_system
  Published: Sep. 09, 2024 | Modified: Sep. 18, 2024
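Three entries in this feed (i-doit CVE-2024-8749 via an ID parameter, SO Planning CVE-2024-27112, and the Tailoring Management System entry just above via a `customer` argument) are the same defect: a request parameter is spliced into SQL text instead of being bound as a parameter. One example serves all three. It is an added illustration, not the code of any of those products: the sqlite3 schema, the rows, the payloads and the function names are all constructed for the demo, and the string-based `customer` lookup and the numeric `id` lookup stand in for the two parameter shapes those advisories mention.

```python
# Added example: string-concatenated SQL (vulnerable) beside parameter binding (hardened),
# for a text parameter and a numeric one. Constructed sqlite3 schema; not any product's code.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a customers table the endpoint is meant to query and a users
    table it is not, so a UNION payload has something worth stealing."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    con.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                    [(1, "Ada", "555-0100"), (2, "Grace", "555-0101")])
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "admin", "$2y$10$constructedhash")])
    return con


def find_customer_unsafe(con, customer: str) -> list:
    """Vulnerable: the parameter becomes part of the SQL grammar. A quote closes the literal,
    UNION appends a query against another table, and '--' comments out the dangling quote."""
    sql = f"SELECT id, name, phone FROM customers WHERE name = '{customer}'"
    return con.execute(sql).fetchall()


def find_customer_safe(con, customer: str) -> list:
    """Hardened: the value is bound, so it can only ever be compared as data."""
    return con.execute("SELECT id, name, phone FROM customers WHERE name = ?", (customer,)).fetchall()


def customer_by_id_unsafe(con, object_id: str) -> list:
    """Vulnerable: numeric parameters are injectable without any quote character at all,
    e.g. '1 OR 1=1' turns a single-row lookup into a full table read."""
    return con.execute(f"SELECT id, name, phone FROM customers WHERE id = {object_id}").fetchall()


def customer_by_id_safe(con, object_id: str) -> list:
    """Hardened: validate the type first (reject with a 400 in a real handler), then still bind it.
    Type validation alone is not enough in general; binding is what closes the class."""
    try:
        oid = int(object_id)
    except (TypeError, ValueError):
        return []
    return con.execute("SELECT id, name, phone FROM customers WHERE id = ?", (oid,)).fetchall()


# Constructed payloads of the kind a scanner or attacker would send to the two parameter shapes.
UNION_PAYLOAD = "' UNION SELECT id, username, password_hash FROM users --"
TAUTOLOGY_PAYLOAD = "1 OR 1=1"
```

Against the unsafe lookups the first payload returns the `users` row through an endpoint that should only ever see customers, and the second returns every customer from what should be a single-row fetch; the bound versions return nothing for either. Note that the numeric case needs no quote, so input filters that strip `'` do not address it.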
- CVE-2024-43327 | 7.1 HIGH
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7.
  Affected Products: invite_anyone
  Published: Aug. 18, 2024 | Modified: Sep. 18, 2024