Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-41978

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-43032

    autMan v2.9.6 allows attackers to bypass authentication via a crafted web request.... Read more

    Affected Products :
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-43031

    autMan v2.9.6 was discovered to contain an access control issue.... Read more

    Affected Products :
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-20450

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying... Read more

    • Published: Aug. 07, 2024
    • Modified: Aug. 23, 2024

  • 7.5

    HIGH
    CVE-2024-20451

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpecte... Read more

    • Published: Aug. 07, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-20454

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying... Read more

    • Published: Aug. 07, 2024
    • Modified: Aug. 23, 2024

  • 9.2

    CRITICAL
    CVE-2024-21877

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: f... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024

  • 9.3

    CRITICAL
    CVE-2024-21876

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envo... Read more

    Affected Products : iq_gateway_firmware iq_gateway
    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-21878

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: fr... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-21879

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: fr... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024

  • 8.6

    HIGH
    CVE-2024-21880

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-40453

    squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.... Read more

    Affected Products : squirrelly
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 6.8

    MEDIUM
    CVE-2024-41675

    CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datata... Read more

    Affected Products : ckan
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 5.3

    MEDIUM
    CVE-2024-41674

    CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the r... Read more

    Affected Products : ckan
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.2

    HIGH
    CVE-2020-11847

    SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.... Read more

    Affected Products : netiq_privileged_access_manager
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.7

    HIGH
    CVE-2020-11846

    A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3... Read more

    Affected Products : netiq_privileged_access_manager
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 7.3

    HIGH
    CVE-2020-11850

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6... Read more

    Affected Products : netiq_self_service_password_reset
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 7.5

    HIGH
    CVE-2024-6329

    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the pat... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Aug. 23, 2024

  • 5.4

    MEDIUM
    CVE-2024-4784

    An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.... Read more

    Affected Products : gitlab
    • Published: Aug. 08, 2024
    • Modified: Aug. 23, 2024

  • 7.5

    HIGH
    CVE-2024-28972

    Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more

    Affected Products : insightiq
    • Published: Aug. 01, 2024
    • Modified: Aug. 23, 2024
Showing 20 of 290147 Results