Latest CVE Feed
- 4.3 MEDIUM CVE-2024-21658
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandw...
- Published: Aug. 30, 2024
- Modified: Sep. 05, 2024
- 9.8 CRITICAL CVE-2024-7078
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024....
- Affected Products: semtek_sempos
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 9.8 CRITICAL CVE-2024-45522
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts....
- Affected Products: linen
- Published: Sep. 02, 2024
- Modified: Sep. 05, 2024
- 7.5 HIGH CVE-2024-20089
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: ...
- Published: Sep. 02, 2024
- Modified: Sep. 05, 2024
- 7.8 HIGH CVE-2024-20087
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MS...
- Published: Sep. 02, 2024
- Modified: Sep. 05, 2024
- 7.8 HIGH CVE-2024-20086
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MS...
- Published: Sep. 02, 2024
- Modified: Sep. 05, 2024
- 7.5 HIGH CVE-2024-8409
A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to ini...
- Affected Products: abcd
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 7.5 HIGH CVE-2024-8410
A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be in...
- Affected Products: abcd
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 8.4 HIGH CVE-2024-6473
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used....
- Affected Products: yandex_browser
- Published: Sep. 03, 2024
- Modified: Sep. 05, 2024
- 5.3 MEDIUM CVE-2024-8411
A vulnerability, which was classified as problematic, has been found in ABCD ABCD2 up to 2.2.0-beta-1. This issue affects some unknown processing of the file /buscar_integrada.php. The manipulation of the argument Sub_Expresion leads to cross site scripti...
- Affected Products: abcd
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 9.6 CRITICAL CVE-2024-7345
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release pla...
- Affected Products: openedge
- Published: Sep. 03, 2024
- Modified: Sep. 05, 2024
- 7.2 HIGH CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overrid...
- Affected Products: openedge
- Published: Sep. 03, 2024
- Modified: Sep. 05, 2024
- 8.3 HIGH CVE-2024-7654
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM ...
- Affected Products: openedge
- Published: Sep. 03, 2024
- Modified: Sep. 05, 2024
- 7.5 HIGH CVE-2024-34659
Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers to force the victim to join the group....
- Affected Products: group_sharing
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 9.8 CRITICAL CVE-2024-34657
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code....
- Affected Products: notes
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 7.1 HIGH CVE-2024-34658
Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR....
- Affected Products: notes
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024
- 8.8 HIGH CVE-2024-8330
6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server....
- Affected Products: 6shr_system
- Published: Aug. 30, 2024
- Modified: Sep. 05, 2024
- 8.8 HIGH CVE-2024-8329
6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privileges to inject SQL commands to read, modify, and delete database contents....
- Affected Products: 6shr_system
- Published: Aug. 30, 2024
- Modified: Sep. 05, 2024
- 9.3 CRITICAL CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-...
- Actively Exploited
- Published: Aug. 15, 2024
- Modified: Sep. 05, 2024
- 7.8 HIGH CVE-2024-34660
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code....
- Affected Products: notes
- Published: Sep. 04, 2024
- Modified: Sep. 05, 2024