Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-2232

    The lacks CSRF checks allowing a user to invite any user to any group (including private groups)... Read more

    Affected Products : himer
    • Published: Aug. 05, 2024
    • Modified: Aug. 07, 2024

  • 7.5

    HIGH
    CVE-2024-41260

    A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7443

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It ... Read more

    Affected Products : ib8367a_firmware ib8367a
    • Published: Aug. 03, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7439

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buf... Read more

    Affected Products : cc8160_firmware cc8160
    • Published: Aug. 03, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7442

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injec... Read more

    Affected Products : sd9364_firmware sd9364
    • Published: Aug. 03, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7470

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7469

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The man... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7468

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7467

    A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of... Read more

    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-7466

    A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application Firewall. The manipulation leads to cross site scripting. The attack can be launched ... Read more

    Affected Products : pmweb
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-7460

    A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery.... Read more

    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 8.8

    HIGH
    CVE-2024-7459

    A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch th... Read more

    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7458

    A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation o... Read more

    Affected Products : eladmin
    • Published: Aug. 04, 2024
    • Modified: Aug. 06, 2024

  • 7.1

    HIGH
    CVE-2024-7396

    Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7395

    An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7397

    Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 7.8

    HIGH
    CVE-2024-6472

    Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning ... Read more

    Affected Products : libreoffice
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-6915

    JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.... Read more

    Affected Products : artifactory
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 3.0

    LOW
    CVE-2024-42350

    Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 7.2

    HIGH
    CVE-2024-7485

    The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products :
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024
Showing 20 of 290943 Results