Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-7469

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The man... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7468

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7467

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-7466

    A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application Firewall. The manipulation leads to cross site scripting. The attack can be launched ... Read more

    Affected Products : pmweb
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-7460

    A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery.... Read more

    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-7459

    A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch th... Read more

    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7458

    A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation o... Read more

    Affected Products : eladmin
    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 7.1

    HIGH
    CVE-2024-7396

    Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 7.8

    HIGH
    CVE-2024-6472

    Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning ... Read more

    Affected Products : libreoffice
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7395

    An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7397

    Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-40498

    SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php... Read more

    Affected Products : online_shopping_system_advanced
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 3.9

    LOW
    CVE-2024-41811

    ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 3.0

    LOW
    CVE-2024-42350

    Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-6915

    JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.... Read more

    Affected Products : artifactory
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 7.2

    HIGH
    CVE-2024-7485

    The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products :
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-6886

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0.... Read more

    Affected Products : gitea
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-6782

    Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.... Read more

    Affected Products : calibre
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-41376

    dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2023-5000

    The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin's 'hsas-shortcode' shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient... Read more

    Affected Products :
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024
Showing 20 of 289977 Results