Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-45308

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be acces... Read more

    Affected Products : hedgedoc
    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 6.6

    MEDIUM
    CVE-2024-25562

    Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 3.3

    LOW
    CVE-2024-24973

    Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 7.8

    HIGH
    CVE-2024-23495

    Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 7.3

    HIGH
    CVE-2024-23491

    Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 7.5

    HIGH
    CVE-2024-7651

    The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user suppli... Read more

    Affected Products : app_builder
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-7032

    The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenti... Read more

    Affected Products : smart_online_order_for_clover
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-7030

    The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attacker... Read more

    Affected Products : smart_online_order_for_clover
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 5.4

    MEDIUM
    CVE-2024-42939

    A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.... Read more

    Affected Products : yzncms
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-42337

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-42338

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 8.3

    HIGH
    CVE-2024-42340

    CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-42339

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-45488

    One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.... Read more

    Affected Products :
    • Published: Aug. 30, 2024
    • Modified: Aug. 30, 2024

  • 8.3

    HIGH
    CVE-2024-38869

    Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.... Read more

    • Published: Aug. 23, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-41889

    Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.... Read more

    Affected Products : pitool play
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024

  • 9.3

    CRITICAL
    CVE-2024-6118

    A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.... Read more

    Affected Products : meetinghub_paperless_meetings
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024

  • 9.3

    CRITICAL
    CVE-2024-6117

    A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.... Read more

    Affected Products : meetinghub_paperless_meetings
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024

  • 8.8

    HIGH
    CVE-2024-8194

    Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 28, 2024
    • Modified: Aug. 30, 2024

  • 7.3

    HIGH
    CVE-2024-45232

    An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-... Read more

    Affected Products : typo3 powermail
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
Showing 20 of 292485 Results