Latest CVE Feed
-
7.8
HIGH CVE-2024-21757
An unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and version...
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
9.0
CRITICAL CVE-2023-26211
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module....
Affected Products : fortisoar
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
8.8
HIGH CVE-2022-45862
An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all ...
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
7.8
HIGH CVE-2022-27486
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6...
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
7.1
HIGH CVE-2024-5849
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once....
Affected Products : icdm-rx/tcp_socketserver_firmware icdm-rx/tcp-16db9/rj45-rm icdm-rx/tcp-16rj45/2rj45-pm icdm-rx/tcp-16rj45/rj45-rm icdm-rx/tcp-2db9/rj45-din icdm-rx/tcp-2st/rj45-din icdm-rx/tcp-32rj45/rj45-rm icdm-rx/tcp-4db9/2rj45-din icdm-rx/tcp-4db9/2rj45-pm icdm-rx/tcp-8db9/2rj45-pm +38 more products
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
7.1
HIGH CVE-2024-38502
An unauthenticated remote attacker may use a stored XSS vulnerability to obtain information from a user or reboot the affected device once....
Affected Products : icdm-rx/tcp_socketserver_firmware icdm-rx/tcp-16db9/rj45-rm icdm-rx/tcp-16rj45/2rj45-pm icdm-rx/tcp-16rj45/rj45-rm icdm-rx/tcp-2db9/rj45-din icdm-rx/tcp-2st/rj45-din icdm-rx/tcp-32rj45/rj45-rm icdm-rx/tcp-4db9/2rj45-din icdm-rx/tcp-4db9/2rj45-pm icdm-rx/tcp-8db9/2rj45-pm +38 more products
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
6.1
MEDIUM CVE-2024-38501
An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device....
Affected Products : icdm-rx/tcp_socketserver_firmware icdm-rx/tcp-16db9/rj45-rm icdm-rx/tcp-16rj45/2rj45-pm icdm-rx/tcp-16rj45/rj45-rm icdm-rx/tcp-2db9/rj45-din icdm-rx/tcp-2st/rj45-din icdm-rx/tcp-32rj45/rj45-rm icdm-rx/tcp-4db9/2rj45-din icdm-rx/tcp-4db9/2rj45-pm icdm-rx/tcp-8db9/2rj45-pm +38 more products
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
9.1
CRITICAL CVE-2024-37287
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitra...
Affected Products : kibana
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
7.5
HIGH CVE-2024-35124
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allows an attacker to gain administrative access to the BMC. IBM X-Force ...
Affected Products : openbmc
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
7.5
HIGH CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895....
Affected Products : common_licensing
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
5.8
MEDIUM CVE-2024-7706
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launch...
Affected Products : mwcms
- Published: Aug. 12, 2024
- Modified: Aug. 22, 2024
-
9.8
CRITICAL CVE-2024-7707
A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument p...
- Published: Aug. 13, 2024
- Modified: Aug. 22, 2024
-
8.8
HIGH CVE-2024-42604
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3...
Affected Products : pligg_cms
- Published: Aug. 20, 2024
- Modified: Aug. 21, 2024
-
9.8
CRITICAL CVE-2024-7743
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads...
Affected Products : ltcms
- Published: Aug. 13, 2024
- Modified: Aug. 21, 2024
-
9.8
CRITICAL CVE-2024-7909
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to sta...
- Published: Aug. 18, 2024
- Modified: Aug. 21, 2024
-
9.8
CRITICAL CVE-2024-7742
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side ...
Affected Products : ltcms
- Published: Aug. 13, 2024
- Modified: Aug. 21, 2024
-
6.9
MEDIUM CVE-2024-7741
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. ...
Affected Products : ltcms
- Published: Aug. 13, 2024
- Modified: Aug. 21, 2024
-
9.8
CRITICAL CVE-2024-7740
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side ...
Affected Products : ltcms
- Published: Aug. 13, 2024
- Modified: Aug. 21, 2024
-
6.5
MEDIUM CVE-2024-41332
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories....
Affected Products : computer_laboratory_management_system
- Published: Aug. 12, 2024
- Modified: Aug. 21, 2024
-
9.8
CRITICAL CVE-2024-7614
A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible...
- Published: Aug. 12, 2024
- Modified: Aug. 21, 2024