Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2024-7408

    This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42632

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42630

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42626

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42545

    TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42520

    TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.3

    MEDIUM
    CVE-2024-41240

    A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.... Read more

    • Published: Aug. 07, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7399

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.... Read more

    Affected Products : magicinfo_9_server
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.8

    HIGH
    CVE-2024-37129

    Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.... Read more

    Affected Products : inventory_collector
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 7.2

    HIGH
    CVE-2022-4002

    A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.... Read more

    Affected Products : q14_firmware q14
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2022-4003

    A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.... Read more

    Affected Products : q14_firmware q14
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7272

    A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the atta... Read more

    Affected Products : ffmpeg
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.8

    HIGH
    CVE-2023-1577

    A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.... Read more

    Affected Products : drivers_management
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 7.8

    HIGH
    CVE-2019-6198

    A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.... Read more

    Affected Products : pcmanager
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 7.8

    HIGH
    CVE-2019-6197

    A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.... Read more

    Affected Products : pcmanager
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 5.5

    MEDIUM
    CVE-2017-3772

    A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.... Read more

    Affected Products : pcmanager
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-7311

    A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may b... Read more

    Affected Products : online_bus_reservation_site
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 6.1

    MEDIUM
    CVE-2024-7310

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. The manipulation of the argument sort leads to cross site scripting. The atta... Read more

    Affected Products : record_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-7309

    A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to i... Read more

    Affected Products : record_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-6758

    Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
Showing 20 of 290006 Results