Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-26027

    Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : simics_package_manager
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 5.6

    MEDIUM
    CVE-2024-27461

    Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : memory_and_storage_tool_gui
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-28046

    Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : graphics_performance_analyzers
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 5.5

    MEDIUM
    CVE-2024-28050

    Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : iris_xe_graphics arc_a_graphics
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 7.3

    HIGH
    CVE-2024-28172

    Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.1

    CRITICAL
    CVE-2024-45758

    H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document ... Read more

    Affected Products : h2o
    • Published: Sep. 06, 2024
    • Modified: Sep. 06, 2024

  • 7.3

    HIGH
    CVE-2024-28876

    Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : mpi_library oneapi_hpc_toolkit
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-42783

    Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Sep. 06, 2024

  • 9.1

    CRITICAL
    CVE-2024-45053

    Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Templa... Read more

    Affected Products : fides
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-45052

    Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of ... Read more

    Affected Products : fides
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024

  • 7.5

    HIGH
    CVE-2024-5412

    A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable devi... Read more

    • Published: Sep. 03, 2024
    • Modified: Sep. 06, 2024

  • 7.5

    HIGH
    CVE-2024-7697

    Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.... Read more

    Affected Products : carlcare carlcare
    • Published: Aug. 12, 2024
    • Modified: Sep. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-8178

    The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the h... Read more

    Affected Products : freebsd
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 4.8

    MEDIUM
    CVE-2024-6498

    The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallo... Read more

    Affected Products : collect.chat
    • Published: Aug. 05, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-45063

    The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution... Read more

    Affected Products : freebsd
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 7.5

    HIGH
    CVE-2024-44073

    The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.... Read more

    Affected Products : miniscript
    • Published: Aug. 19, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-42919

    eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Sep. 06, 2024

  • 7.8

    HIGH
    CVE-2024-42679

    SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component.... Read more

    • Published: Aug. 15, 2024
    • Modified: Sep. 06, 2024

  • 8.6

    HIGH
    CVE-2024-39713

    A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.... Read more

    Affected Products : rocket.chat
    • Published: Aug. 05, 2024
    • Modified: Sep. 06, 2024

  • 7.2

    HIGH
    CVE-2024-7694

    ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on ... Read more

    Affected Products : threatsonar_anti-ransomware
    • Published: Aug. 12, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 292275 Results