Latest CVE Feed
- 9.8 CRITICAL CVE-2024-39747
  IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality....
  - Published: Aug. 31, 2024
  - Modified: Sep. 16, 2024
- 7.5 HIGH CVE-2024-42481
  Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport's lack of rate limiting on createFolder. createFile), skyportd in a lot of cases will cause 100% CPU usage and an OOM, probably cras...
  - Affected Products: skyportd
  - Published: Aug. 12, 2024
  - Modified: Sep. 16, 2024
- 7.8 HIGH CVE-2024-8374
  UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which ar...
  - Affected Products: ultimaker_cura
  - Published: Sep. 03, 2024
  - Modified: Sep. 16, 2024
- 6.4 MEDIUM CVE-2024-43793
  Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and ...
  - Affected Products: halo
  - Published: Sep. 11, 2024
  - Modified: Sep. 16, 2024
- 6.3 MEDIUM CVE-2024-43792
  Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and ...
  - Affected Products: halo
  - Published: Sep. 02, 2024
  - Modified: Sep. 16, 2024
- 8.2 HIGH CVE-2024-42374
  BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS render...
  - Affected Products: bex_web_java_runtime_export_web_service
  - Published: Aug. 13, 2024
  - Modified: Sep. 16, 2024
- 9.1 CRITICAL CVE-2024-33003
  Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On succ...
  - Affected Products: commerce_cloud
  - Published: Aug. 13, 2024
  - Modified: Sep. 16, 2024
- 5.8 MEDIUM CVE-2024-7705
  A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argumen...
  - Affected Products: mwcms
  - Published: Aug. 12, 2024
  - Modified: Sep. 16, 2024
- 6.7 MEDIUM CVE-2024-39574
  Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service....
  - Affected Products: insightiq
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 9.8 CRITICAL CVE-2024-39581
  Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbit...
  - Affected Products: insightiq
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 5.5 MEDIUM CVE-2024-42425
  Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclos...
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 9.8 CRITICAL CVE-2024-39583
  Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
  - Affected Products: insightiq
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 6.7 MEDIUM CVE-2024-39580
  Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges....
  - Affected Products: insightiq
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 4.4 MEDIUM CVE-2024-39582
  Dell PowerScale InsightIQ, version 5.0, contains a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure....
  - Affected Products: insightiq
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 6.5 MEDIUM CVE-2024-42474
  Streamlit is a data oriented application development framework for Python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traver...
  - Published: Aug. 12, 2024
  - Modified: Sep. 16, 2024
- 4.3 MEDIUM CVE-2024-27257
  IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users....
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 6.5 MEDIUM CVE-2024-7700
  A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the...
  - Published: Aug. 12, 2024
  - Modified: Sep. 16, 2024
- 4.3 MEDIUM CVE-2024-44112
  Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data tab...
  - Affected Products: oil_\%\/_gas
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 2.7 LOW CVE-2024-41728
  Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise ...
  - Affected Products: netweaver_application_server_abap
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024
- 2.7 LOW CVE-2024-44114
  SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application....
  - Affected Products: netweaver_application_server_abap
  - Published: Sep. 10, 2024
  - Modified: Sep. 16, 2024