Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-42745

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands....

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-42748

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands....

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-42547

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function....

    Affected Products : a3100r_firmware a3100r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 8.8

    HIGH
    CVE-2024-42629

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10....

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-7616

    A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The v...

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 8.6

    HIGH
    CVE-2024-7408

    This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP...

    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 8.8

    HIGH
    CVE-2024-42632

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add....

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 8.8

    HIGH
    CVE-2024-42630

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file....

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 8.8

    HIGH
    CVE-2024-42626

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add....

    Affected Products : frogcms
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-42545

    TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function....

    Affected Products : a3700r_firmware a3700r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-42520

    TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl....

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 6.3

    MEDIUM
    CVE-2024-41240

    A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter....

    • Published: Aug. 07, 2024
    • Modified: Aug. 13, 2024
  • 8.8

    HIGH
    CVE-2024-7399

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write an arbitrary file as system authority....

    Affected Products : magicinfo_9_server
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 7.8

    HIGH
    CVE-2024-37129

    Dell Inventory Collector, versions prior to 12.3.0.6, contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system....

    Affected Products : inventory_collector
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
  • 7.2

    HIGH
    CVE-2022-4002

    A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request....

    Affected Products : q14_firmware q14
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
  • 6.5

    MEDIUM
    CVE-2022-4003

    A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request....

    Affected Products : q14_firmware q14
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
  • 8.8

    HIGH
    CVE-2024-7272

    A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the atta...

    Affected Products : ffmpeg
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 7.8

    HIGH
    CVE-2023-1577

    A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges....

    Affected Products : drivers_management
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
  • 7.8

    HIGH
    CVE-2019-6198

    A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges....

    Affected Products : pcmanager
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
  • 7.8

    HIGH
    CVE-2019-6197

    A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges....

    Affected Products : pcmanager
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024
Showing 20 of 291389 Results