Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-42439

    Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 29, 2024

  • 6.7

    MEDIUM
    CVE-2024-42440

    Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 28, 2024

  • 6.7

    MEDIUM
    CVE-2024-42441

    Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 28, 2024

  • 8.8

    HIGH
    CVE-2024-7969

    Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 21, 2024
    • Modified: Aug. 28, 2024

  • 5.9

    MEDIUM
    CVE-2024-31905

    IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information usin... Read more

    Affected Products : qradar_network_packet_capture
    • Published: Aug. 15, 2024
    • Modified: Aug. 28, 2024

  • 6.2

    MEDIUM
    CVE-2024-7867

    In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.... Read more

    Affected Products : xpdf
    • Published: Aug. 15, 2024
    • Modified: Aug. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-42466

    Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.... Read more

    Affected Products : upkeeper_manager upkeeper_manager
    • Published: Aug. 16, 2024
    • Modified: Aug. 28, 2024

  • 10.0

    CRITICAL
    CVE-2024-42462

    Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.... Read more

    Affected Products : upkeeper_manager
    • Published: Aug. 16, 2024
    • Modified: Aug. 28, 2024

  • 8.6

    HIGH
    CVE-2024-42463

    Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.... Read more

    Affected Products : upkeeper_manager
    • Published: Aug. 16, 2024
    • Modified: Aug. 28, 2024

  • 7.6

    HIGH
    CVE-2024-42464

    Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.... Read more

    Affected Products : upkeeper_manager
    • Published: Aug. 16, 2024
    • Modified: Aug. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-42465

    Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.... Read more

    Affected Products : upkeeper_manager
    • Published: Aug. 16, 2024
    • Modified: Aug. 28, 2024

  • 7.2

    HIGH
    CVE-2024-39717

    The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this priv... Read more

    Affected Products : versa_director
    • Actively Exploited
    • Published: Aug. 22, 2024
    • Modified: Aug. 28, 2024

  • 8.3

    HIGH
    CVE-2024-43472

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Aug. 16, 2024
    • Modified: Aug. 28, 2024

  • 5.3

    MEDIUM
    CVE-2023-4024

    The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to dele... Read more

    Affected Products : radio_player
    • Published: Aug. 17, 2024
    • Modified: Aug. 28, 2024

  • 5.3

    MEDIUM
    CVE-2023-4025

    The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to upda... Read more

    Affected Products : radio_player
    • Published: Aug. 17, 2024
    • Modified: Aug. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-7578

    A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possibl... Read more

    Affected Products : alr-f800_firmware alr-f800
    • Published: Aug. 07, 2024
    • Modified: Aug. 28, 2024

  • 8.8

    HIGH
    CVE-2024-7579

    A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation ... Read more

    Affected Products : alr-f800_firmware alr-f800
    • Published: Aug. 07, 2024
    • Modified: Aug. 28, 2024

  • 7.8

    HIGH
    CVE-2024-7061

    Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.... Read more

    Affected Products : verify
    • Published: Aug. 07, 2024
    • Modified: Aug. 28, 2024

  • 7.3

    HIGH
    CVE-2024-6361

    Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.... Read more

    Affected Products : alm_octane
    • Published: Aug. 05, 2024
    • Modified: Aug. 28, 2024

  • 5.5

    MEDIUM
    CVE-2024-43915

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102.... Read more

    • Published: Aug. 26, 2024
    • Modified: Aug. 28, 2024
Showing 20 of 291728 Results