Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2024-7477

    A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x. Ve... Read more

    Affected Products : aura_system_manager
    • Published: Aug. 08, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-28298

    SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.... Read more

    Affected Products : bm_planning bmplanning
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024

  • 9.6

    CRITICAL
    CVE-2024-41127

    Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-... Read more

    Affected Products : monkeytype
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-7436

    A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated ... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024

  • 5.3

    MEDIUM
    CVE-2024-7438

    A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status ... Read more

    Affected Products : simple_machines_forum
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-7437

    A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the arg... Read more

    Affected Products : simple_machines_forum
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024

  • 9.1

    CRITICAL
    CVE-2024-35143

    IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain una... Read more

    • Published: Aug. 04, 2024
    • Modified: Sep. 11, 2024

  • 6.1

    MEDIUM
    CVE-2024-7204

    Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.... Read more

    Affected Products : qbibot
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-7323

    Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote se... Read more

    Affected Products : easyflow_.net
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-7461

    A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument u... Read more

    Affected Products : administracao_pabx
    • Published: Aug. 05, 2024
    • Modified: Sep. 11, 2024

  • 5.9

    MEDIUM
    CVE-2024-27267

    The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 28... Read more

    Affected Products : java_sdk
    • Published: Aug. 14, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2024-21904

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed t... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 5.9

    MEDIUM
    CVE-2023-50315

    IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. ... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 14, 2024
    • Modified: Sep. 11, 2024

  • 6.6

    MEDIUM
    CVE-2024-21903

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability ... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2024-21898

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the fol... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 8.9

    HIGH
    CVE-2024-21897

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 6.5

    MEDIUM
    CVE-2023-51368

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerabili... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 8.7

    HIGH
    CVE-2023-51366

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed t... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 4.8

    MEDIUM
    CVE-2023-50366

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vuln... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024

  • 8.8

    HIGH
    CVE-2023-51367

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the... Read more

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 11, 2024
Showing 20 of 292737 Results