Latest CVE Feed
- 4.1 MEDIUM CVE-2024-41849
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to slightly affect the integrity of ...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41848
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be execut...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41847
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be execut...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41846
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 9.8 CRITICAL CVE-2024-45258
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design....
- Published: Aug. 25, 2024
- Modified: Aug. 26, 2024
- 7.3 HIGH CVE-2024-43688
cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring....
- Published: Aug. 20, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41845
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41844
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41843
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 4.8 MEDIUM CVE-2024-41842
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 5.4 MEDIUM CVE-2024-41841
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be execut...
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 9.8 CRITICAL CVE-2024-44382
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function....
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 9.8 CRITICAL CVE-2024-44381
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function....
- Published: Aug. 23, 2024
- Modified: Aug. 26, 2024
- 9.8 CRITICAL CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add i...
- Published: Aug. 26, 2024
- Modified: Aug. 26, 2024
- 9.8 CRITICAL CVE-2024-8161
SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve ...
- Published: Aug. 26, 2024
- Modified: Aug. 26, 2024
- 8.8 HIGH CVE-2024-7656
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authentica...
- Published: Aug. 24, 2024
- Modified: Aug. 26, 2024
- 4.9 MEDIUM CVE-2024-43443
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins...
- Affected Products: otrs
- Published: Aug. 26, 2024
- Modified: Aug. 26, 2024
- 8.2 HIGH CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS...
- Affected Products: otrs
- Published: Aug. 26, 2024
- Modified: Aug. 26, 2024
- 4.8 MEDIUM CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...
- Affected Products: common_licensing
- Published: Aug. 13, 2024
- Modified: Aug. 24, 2024
- 9.8 CRITICAL CVE-2024-7934
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injec...
- Affected Products: project_expense_monitoring_system
- Published: Aug. 19, 2024
- Modified: Aug. 23, 2024