Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.0

    LOW
    CVE-2024-2502

    An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper ... Read more

    Affected Products :
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 5.5

    MEDIUM
    CVE-2024-7537

    oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 7.8

    HIGH
    CVE-2024-7538

    oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 7.8

    HIGH
    CVE-2024-7539

    oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in o... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 3.3

    LOW
    CVE-2024-7540

    oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 3.3

    LOW
    CVE-2024-7541

    oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on ... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 3.3

    LOW
    CVE-2024-7542

    oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 7.8

    HIGH
    CVE-2024-7546

    oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 8.0

    HIGH
    CVE-2024-6200

    HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting fro... Read more

    Affected Products : haloitsm
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 5.3

    MEDIUM
    CVE-2024-6201

    HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.14... Read more

    Affected Products : haloitsm
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-6202

    HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM version... Read more

    Affected Products : haloitsm
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 8.3

    HIGH
    CVE-2024-6203

    HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by t... Read more

    Affected Products : haloitsm
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-39751

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID... Read more

    Affected Products : infosphere_information_server
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-43111

    Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.... Read more

    Affected Products : firefox
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 5.5

    MEDIUM
    CVE-2024-34636

    Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.... Read more

    Affected Products : email
    • Published: Aug. 07, 2024
    • Modified: Aug. 29, 2024

  • 10.0

    CRITICAL
    CVE-2024-42467

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can ... Read more

    Affected Products : openhab openhab_web_interface
    • Published: Aug. 12, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8210

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 8.8

    HIGH
    CVE-2024-43140

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a throug... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 29, 2024

  • 8.1

    HIGH
    CVE-2024-3035

    A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8211

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024
Showing 20 of 290171 Results