Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-42246

    In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket. When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket()...

    Affected Products : linux_kernel
    • Published: Aug. 07, 2024
    • Modified: Sep. 12, 2024
  • 7.3

    HIGH
    CVE-2024-38226

    Microsoft Publisher Security Feature Bypass Vulnerability...

    • Actively Exploited
    • Published: Sep. 10, 2024
    • Modified: Sep. 12, 2024
  • 7.4

    HIGH
    CVE-2024-27729

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature....

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Sep. 11, 2024
  • 6.5

    MEDIUM
    CVE-2024-37286

    APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response...

    Affected Products : apm_server
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-7500

    A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upl...

    Affected Products : airline_reservation_system
    • Published: Aug. 06, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    HIGH
    CVE-2024-7506

    A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted up...

    • Published: Aug. 06, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-7505

    A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to SQL injection. It is possible to launc...

    Affected Products : bike_delivery_system
    • Published: Aug. 06, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-7585

    A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads t...

    Affected Products : i22_firmware i22
    • Published: Aug. 07, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-7584

    A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible t...

    Affected Products : i22_firmware i22
    • Published: Aug. 07, 2024
    • Modified: Sep. 11, 2024
  • 7.8

    HIGH
    CVE-2024-43114

    In JetBrains TeamCity before 2024.07.1, privilege escalation was possible due to incorrect directory permissions...

    Affected Products : teamcity
    • Published: Aug. 06, 2024
    • Modified: Sep. 11, 2024
  • 6.6

    MEDIUM
    CVE-2024-42034

    LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : emui harmonyos
    • Published: Aug. 08, 2024
    • Modified: Sep. 11, 2024
  • 8.4

    HIGH
    CVE-2024-42035

    Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality....

    Affected Products : emui harmonyos
    • Published: Aug. 08, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    HIGH
    CVE-2024-8147

    A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to SQL injection. The ...

    • Published: Aug. 25, 2024
    • Modified: Sep. 11, 2024
  • 5.5

    MEDIUM
    CVE-2024-8011

    Logitech Options+ on macOS prior to 1.72 allows a local attacker to inject a dynamic library within the Options+ runtime and abuse permissions granted by the user to Options+ such as Camera....

    Affected Products : options\+
    • Published: Aug. 25, 2024
    • Modified: Sep. 11, 2024
  • 5.4

    MEDIUM
    CVE-2024-41732

    SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web ap...

    Affected Products : netweaver_application_server_abap
    • Published: Aug. 13, 2024
    • Modified: Sep. 11, 2024
  • 6.4

    MEDIUM
    CVE-2024-8317

    The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This make...

    Affected Products : wp_adcenter
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024
  • 4.3

    MEDIUM
    CVE-2024-8427

    The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all vers...

    Affected Products : frontend_post_submission_manager
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024
  • 5.9

    MEDIUM
    CVE-2024-39627

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS. This issue affects NextGEN Gallery: from n/a through 3.59.3....

    Affected Products : nextgen_gallery
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024
  • 5.9

    MEDIUM
    CVE-2024-39629

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS. This issue affects Himalayas: from n/a through 1.3.2....

    Affected Products : himalayas
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024
  • 7.1

    HIGH
    CVE-2024-39631

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 23.1.2....

    Affected Products : contest_gallery
    • Published: Aug. 01, 2024
    • Modified: Sep. 11, 2024