Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-39585

    Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side r... Read more

    Affected Products : smartfabric_os10
    • Published: Sep. 06, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-6670

    In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.... Read more

    Affected Products : whatsup_gold
    • Actively Exploited
    • Published: Aug. 29, 2024
    • Modified: Sep. 17, 2024

  • 8.8

    HIGH
    CVE-2024-42365

    Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configurat... Read more

    Affected Products : asterisk certified_asterisk
    • Published: Aug. 08, 2024
    • Modified: Sep. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-40766

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall G... Read more

    • Actively Exploited
    • Published: Aug. 23, 2024
    • Modified: Sep. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-42489

    Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vul... Read more

    Affected Products : pro_macros
    • Published: Aug. 12, 2024
    • Modified: Sep. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-0102

    NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of s... Read more

    Affected Products : linux_kernel windows cuda_toolkit
    • Published: Aug. 08, 2024
    • Modified: Sep. 16, 2024

  • 8.8

    HIGH
    CVE-2024-0108

    NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of... Read more

    • Published: Aug. 08, 2024
    • Modified: Sep. 16, 2024

  • 9.0

    CRITICAL
    CVE-2024-28991

    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.... Read more

    Affected Products : access_rights_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024

  • 8.8

    HIGH
    CVE-2024-28990

    SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI... Read more

    Affected Products : access_rights_manager
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024

  • 9.0

    CRITICAL
    CVE-2024-45856

    A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within th... Read more

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024

  • 7.5

    HIGH
    CVE-2024-45855

    Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.... Read more

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024

  • 8.7

    HIGH
    CVE-2023-41833

    A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.9

    MEDIUM
    CVE-2023-23904

    NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 8.7

    HIGH
    CVE-2023-43626

    Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : atom_c5325_firmware
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 8.7

    HIGH
    CVE-2023-42772

    Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : xeon_d-2799_firmware
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.8

    MEDIUM
    CVE-2023-43753

    Improper conditions check in some Intel(R) Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 8.3

    HIGH
    CVE-2024-23599

    Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.8

    MEDIUM
    CVE-2024-23984

    Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.2

    HIGH
    CVE-2024-21781

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.5

    HIGH
    CVE-2024-21871

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : xeon_d-2799_firmware
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 293186 Results