Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2024-34607

    Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.... Read more

    Affected Products : android android dex
    • Published: Aug. 07, 2024
    • Modified: Aug. 12, 2024

  • 6.2

    MEDIUM
    CVE-2024-34606

    Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.... Read more

    Affected Products : android android dex
    • Published: Aug. 07, 2024
    • Modified: Aug. 12, 2024

  • 6.2

    MEDIUM
    CVE-2024-34605

    Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.... Read more

    Affected Products : android android dex
    • Published: Aug. 07, 2024
    • Modified: Aug. 12, 2024

  • 6.2

    MEDIUM
    CVE-2024-34604

    Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.... Read more

    Affected Products : android android dex
    • Published: Aug. 07, 2024
    • Modified: Aug. 12, 2024

  • 8.8

    HIGH
    CVE-2024-7550

    Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 8.8

    HIGH
    CVE-2024-7536

    Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 8.8

    HIGH
    CVE-2024-7533

    Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome iphone_os edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 8.8

    HIGH
    CVE-2024-7532

    Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 7.8

    HIGH
    CVE-2024-42219

    1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.... Read more

    Affected Products : 1password
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 6.3

    MEDIUM
    CVE-2024-42218

    1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.... Read more

    Affected Products : 1password
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 4.6

    MEDIUM
    CVE-2024-31200

    A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 12, 2024

  • 9.1

    CRITICAL
    CVE-2024-41270

    An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.... Read more

    Affected Products : gorush
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-42395

    There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system l... Read more

    Affected Products : arubaos instant instantos instant
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-42394

    There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to ... Read more

    Affected Products : arubaos instantos
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-42393

    There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to ... Read more

    Affected Products : arubaos instant instantos instant
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.6

    CRITICAL
    CVE-2024-28739

    An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.... Read more

    Affected Products : koha
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-7285

    A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name lea... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-7286

    A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argumen... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 12, 2024

  • 8.8

    HIGH
    CVE-2024-7287

    A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is po... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 12, 2024

  • 8.8

    HIGH
    CVE-2024-7288

    A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argume... Read more

    • Published: Jul. 31, 2024
    • Modified: Aug. 12, 2024
Showing 20 of 291170 Results