Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2024-43969

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-21743

    Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 9.4

    CRITICAL
    CVE-2024-7873

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-47001

    Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-43938

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0.... Read more

    Affected Products : name_directory
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 6.4

    MEDIUM
    CVE-2024-45812

    Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cros... Read more

    Affected Products : vite
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 8.5

    HIGH
    CVE-2024-6406

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data.This issue affects Mobile Library Application: before 5.0.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-8969

    OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators.... Read more

    Affected Products : omflow
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-8768

    A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.... Read more

    Affected Products : vllm
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-42501

    An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or... Read more

    Affected Products : arubaos
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46754

    In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tst_run from lwt_seg6local_prog_ops. The syzbot reported that the lwt_seg6 related BPF ops can be invoked via bpf_test_run() without without entering input_action_end_bpf() ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46736

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path() If smb2_set_path_attr() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() again as... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46734

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the oth... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-8986

    The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (fo... Read more

    Affected Products :
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024

  • 9.1

    CRITICAL
    CVE-2022-25769

    ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, no... Read more

    Affected Products : mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 5.3

    MEDIUM
    CVE-2024-45813

    find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a singl... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-34399

    **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer suppor... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-44542

    SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.... Read more

    Affected Products : todesk
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.8

    HIGH
    CVE-2024-45858

    An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code wil... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 4.3

    MEDIUM
    CVE-2024-45298

    Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test use... Read more

    Affected Products : wiki.js
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 293680 Results