Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    CVSS31
    CVE-2024-34543

    Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 3.5

    CVSS31
    CVE-2024-36261

    Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 5.3

    CVSS31
    CVE-2023-43753

    Improper conditions check in some Intel(R) Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.5

    CVSS31
    CVE-2024-21829

    Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.5

    CVSS31
    CVE-2023-43626

    Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-44623

    An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-33848

    Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.5

    CVSS31
    CVE-2024-21871

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 8.2

    CVSS31
    CVE-2023-42772

    Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.2

    CVSS31
    CVE-2024-21781

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 5.3

    CVSS31
    CVE-2024-1578

    The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being ... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 5.3

    CVSS31
    CVE-2024-39613

    Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that ... Read more

    Affected Products : mattermost
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-8778

    OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44058

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.This issue affects Parabola: from n/a through 2.4.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-8780

    OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 8.8

    CVSS31
    CVE-2024-8779

    OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-45459

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44063

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.... Read more

    Affected Products : happyforms
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-46942

    In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.5

    CVSS31
    CVE-2024-8777

    OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 86 Results