Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-27442

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privile... Read more

    Affected Products : collaboration
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-38530

    The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's ... Read more

    Affected Products : openeclass
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 10.0

    CRITICAL
    CVE-2024-6917

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2.... Read more

    Affected Products : order_management
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2023-7249

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1.... Read more

    Affected Products : directory_services
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42745

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42748

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42547

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42629

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-7616

    A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The v... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.6

    HIGH
    CVE-2024-7408

    This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42632

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42630

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-42626

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.... Read more

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42545

    TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42520

    TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.3

    MEDIUM
    CVE-2024-41240

    A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.... Read more

    • Published: Aug. 07, 2024
    • Modified: Aug. 13, 2024

  • 8.8

    HIGH
    CVE-2024-7399

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.... Read more

    Affected Products : magicinfo_9_server
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.8

    HIGH
    CVE-2024-37129

    Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.... Read more

    Affected Products : inventory_collector
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 7.2

    HIGH
    CVE-2022-4002

    A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.... Read more

    Affected Products : q14_firmware q14
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2022-4003

    A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.... Read more

    Affected Products : q14_firmware q14
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
Showing 20 of 291193 Results