Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-7411

    The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it ... Read more

    Affected Products : newsletters
    • Published: Aug. 15, 2024
    • Modified: Aug. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-43368

    The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a `text/html` ... Read more

    Affected Products :
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-22278

    Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.... Read more

    Affected Products : harbor
    • Published: Aug. 02, 2024
    • Modified: Aug. 14, 2024

  • 8.7

    HIGH
    CVE-2024-41904

    A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to c... Read more

    Affected Products : sinec_traffic_analyzer
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 7.5

    HIGH
    CVE-2024-41903

    A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's... Read more

    Affected Products : sinec_traffic_analyzer
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 6.9

    MEDIUM
    CVE-2024-41683

    A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords.... Read more

    Affected Products : location_intelligence
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 6.9

    MEDIUM
    CVE-2024-41682

    A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute fo... Read more

    Affected Products : location_intelligence
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 7.5

    HIGH
    CVE-2024-41681

    A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to rea... Read more

    Affected Products : location_intelligence
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 8.5

    HIGH
    CVE-2024-36398

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.... Read more

    Affected Products : sinec_nms
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 7.8

    HIGH
    CVE-2024-41864

    Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim... Read more

    Affected Products : substance_3d_designer
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-41863

    Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is... Read more

    Affected Products : substance_3d_sampler
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-41862

    Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is... Read more

    Affected Products : substance_3d_sampler
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-41861

    Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is... Read more

    Affected Products : substance_3d_sampler
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-41860

    Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is... Read more

    Affected Products : substance_3d_sampler
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 7.8

    HIGH
    CVE-2024-38153

    Windows Kernel Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 7.8

    HIGH
    CVE-2024-38152

    Windows OLE Remote Code Execution Vulnerability... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-38151

    Windows Kernel Information Disclosure Vulnerability... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 7.8

    HIGH
    CVE-2024-38150

    Windows DWM Core Library Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-41613

    A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.... Read more

    Affected Products : symphony_cms
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 5.3

    MEDIUM
    CVE-2024-41941

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without... Read more

    Affected Products : sinec_nms
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024
Showing 20 of 290981 Results