Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.0

    HIGH
    CVE-2024-44796

    A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter....

    Affected Products : picuploader
    • Published: Aug. 26, 2024
    • Modified: Sep. 06, 2024
  • 8.8

    HIGH
    CVE-2024-43804

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functio...

    Affected Products : roxy-wi
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 8.1

    HIGH
    CVE-2024-41964

    Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be confi...

    Affected Products : kirby
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 5.4

    MEDIUM
    CVE-2024-44919

    A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter....

    Affected Products : seacms
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-8255

    Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability....

    Affected Products : dtn_soft
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 10.0

    CRITICAL
    CVE-2024-5991

    In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be N...

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Sep. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-7720

    HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries....

    Affected Products : security_manager
    • Published: Aug. 27, 2024
    • Modified: Sep. 06, 2024
  • 6.1

    MEDIUM
    CVE-2024-44797

    A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter....

    Affected Products : gazelle
    • Published: Aug. 26, 2024
    • Modified: Sep. 06, 2024
  • 6.5

    MEDIUM
    CVE-2024-8165

    A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/export. The manipulation of the argument path leads to path ...

    Affected Products : beikeshop
    • Published: Aug. 26, 2024
    • Modified: Sep. 06, 2024
  • 8.8

    HIGH
    CVE-2024-8164

    A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation ...

    Affected Products : beikeshop
    • Published: Aug. 26, 2024
    • Modified: Sep. 06, 2024
  • 8.1

    HIGH
    CVE-2024-8163

    A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads...

    Affected Products : beikeshop
    • Published: Aug. 26, 2024
    • Modified: Sep. 06, 2024
  • 8.3

    HIGH
    CVE-2024-7570

    Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user....

    Affected Products : neurons_for_itsm
    • Published: Aug. 13, 2024
    • Modified: Sep. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-7569

    An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information....

    Affected Products : neurons_for_itsm
    • Published: Aug. 13, 2024
    • Modified: Sep. 06, 2024
  • 4.3

    MEDIUM
    CVE-2024-37898

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having del...

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024
  • 9.9

    CRITICAL
    CVE-2024-37901

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchS...

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024
  • 9.0

    CRITICAL
    CVE-2024-41947

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of th...

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024
  • 7.5

    HIGH
    CVE-2024-23499

    Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access....

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024
  • 7.8

    HIGH
    CVE-2024-23907

    Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access....

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024
  • 7.8

    HIGH
    CVE-2024-23909

    Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access....

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024
  • 9.3

    CRITICAL
    CVE-2024-23981

    Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access....

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 292838 Results