Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-7029

    Commands can be injected over the network and executed without authentication.... Read more

    Affected Products : avm1203_firmware avm1203
    • Published: Aug. 02, 2024
    • Modified: Sep. 17, 2024

  • 8.8

    HIGH
    CVE-2024-5290

    An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev g... Read more

    Affected Products : ubuntu_linux wpa_supplicant
    • Published: Aug. 07, 2024
    • Modified: Sep. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-42482

    fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the `pattern` input (specifically the command separator `;` and command substitution characters `(` and `)`) mean that arbitrary comma... Read more

    Affected Products : syntax-check
    • Published: Aug. 12, 2024
    • Modified: Sep. 17, 2024

  • 7.8

    HIGH
    CVE-2024-0107

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalati... Read more

    • Published: Aug. 08, 2024
    • Modified: Sep. 17, 2024

  • 7.1

    HIGH
    CVE-2024-42033

    Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 08, 2024
    • Modified: Sep. 17, 2024

  • 7.8

    HIGH
    CVE-2024-44945

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2024
    • Modified: Sep. 17, 2024

  • 8.8

    HIGH
    CVE-2024-8779

    OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024

  • 8.8

    HIGH
    CVE-2024-43461

    Windows MSHTML Platform Spoofing Vulnerability... Read more

    • Actively Exploited
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-8868

    A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be init... Read more

    Affected Products : crud_operation_system
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-8867

    A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads ... Read more

    Affected Products : perfex_crm
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024

  • 5.1

    MEDIUM
    CVE-2024-8865

    A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been... Read more

    Affected Products : composio
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024

  • 8.8

    HIGH
    CVE-2024-8864

    A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to c... Read more

    Affected Products : composio
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-8039

    Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.... Read more

    Affected Products :
    • Published: Sep. 14, 2024
    • Modified: Sep. 17, 2024

  • 8.1

    HIGH
    CVE-2024-39585

    Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side r... Read more

    Affected Products : smartfabric_os10
    • Published: Sep. 06, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-6670

    In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.... Read more

    Affected Products : whatsup_gold
    • Actively Exploited
    • Published: Aug. 29, 2024
    • Modified: Sep. 17, 2024

  • 8.8

    HIGH
    CVE-2024-42365

    Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configurat... Read more

    Affected Products : asterisk certified_asterisk
    • Published: Aug. 08, 2024
    • Modified: Sep. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-40766

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall G... Read more

    • Actively Exploited
    • Published: Aug. 23, 2024
    • Modified: Sep. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-42489

    Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vul... Read more

    Affected Products : pro_macros
    • Published: Aug. 12, 2024
    • Modified: Sep. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-0102

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of s... Read more

    Affected Products : linux_kernel windows cuda_toolkit
    • Published: Aug. 08, 2024
    • Modified: Sep. 16, 2024

  • 8.8

    HIGH
    CVE-2024-0108

    NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of... Read more

    • Published: Aug. 08, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 292879 Results