Latest CVE Feed
- 9.8 CRITICAL CVE-2024-7615
  A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack...
  - Published: Aug. 12, 2024
  - Modified: Aug. 21, 2024
- 9.8 CRITICAL CVE-2024-7613
  A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be init...
  - Published: Aug. 12, 2024
  - Modified: Aug. 21, 2024
- 7.5 HIGH CVE-2024-43022
  An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal....
  Affected Products :
  - Published: Aug. 21, 2024
  - Modified: Aug. 21, 2024
- 8.8 HIGH CVE-2024-42608
  Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php....
  Affected Products : pligg_cms
  - Published: Aug. 20, 2024
  - Modified: Aug. 21, 2024
- 8.8 HIGH CVE-2024-42579
  A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges....
  Affected Products : warehouse_inventory_system
  - Published: Aug. 20, 2024
  - Modified: Aug. 21, 2024
- 8.8 HIGH CVE-2024-36131
  An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance....
  Affected Products : endpoint_manager_mobile
  - Published: Aug. 07, 2024
  - Modified: Aug. 21, 2024
- 9.6 CRITICAL CVE-2024-28740
  Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component....
  Affected Products : koha
  - Published: Aug. 06, 2024
  - Modified: Aug. 21, 2024
- 6.8 MEDIUM CVE-2024-40893
  Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network conf...
  Affected Products :
  - Published: Aug. 12, 2024
  - Modified: Aug. 21, 2024
- 7.1 HIGH CVE-2024-40892
  A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) int...
  Affected Products :
  - Published: Aug. 12, 2024
  - Modified: Aug. 21, 2024
- 7.5 HIGH CVE-2024-42950
  Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request....
  - Published: Aug. 15, 2024
  - Modified: Aug. 21, 2024
- 2.0 LOW CVE-2022-26328
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS). This issue affects Performance Center: 12.63....
  Affected Products :
  - Published: Aug. 21, 2024
  - Modified: Aug. 21, 2024
- 5.1 MEDIUM CVE-2022-26327
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data. This issue affects Performance Center: 12.63....
  Affected Products :
  - Published: Aug. 21, 2024
  - Modified: Aug. 21, 2024
- 3.1 LOW CVE-2024-43411
  CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, th...
  Affected Products : ckeditor
  - Published: Aug. 21, 2024
  - Modified: Aug. 21, 2024
- 7.8 HIGH CVE-2024-33657
  This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks....
  Affected Products : aptio_v
  - Published: Aug. 21, 2024
  - Modified: Aug. 21, 2024
- 7.8 HIGH CVE-2024-33656
  The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms...
  Affected Products : aptio_v
  - Published: Aug. 21, 2024
  - Modified: Aug. 21, 2024
- 9.8 CRITICAL CVE-2024-42572
  School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php....
  Affected Products : school_management_system
  - Published: Aug. 20, 2024
  - Modified: Aug. 21, 2024
- 8.8 HIGH CVE-2024-40500
  Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component....
  Affected Products : i-librarian
  - Published: Aug. 12, 2024
  - Modified: Aug. 21, 2024
- 9.0 CRITICAL CVE-2024-35540
  A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....
  Affected Products : typecho
  - Published: Aug. 20, 2024
  - Modified: Aug. 21, 2024
- 5.3 MEDIUM CVE-2024-42369
  matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in...
  Affected Products : javascript_sdk
  - Published: Aug. 20, 2024
  - Modified: Aug. 21, 2024
- 8.7 HIGH CVE-2024-6378
  A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session....
  Affected Products : 3dexperience
  - Published: Aug. 20, 2024
  - Modified: Aug. 21, 2024