Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2024-46451

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-46419

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 3.7

    CVSS31
    CVE-2024-39772

    Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-7104

    Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-6401

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 0.0

    NONE
    CVE-2024-7098

    Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.3

    CVSS31
    CVE-2024-38315

    IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 4.3

    CVSS31
    CVE-2024-8866

    A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remot... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 5.9

    CVSS31
    CVE-2024-45460

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-44053

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.This issue affects Mantra: from n/a through 3.3.2.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 5.6

    CVSS31
    CVE-2024-8880

    A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of t... Read more

    Affected Products : playsms
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.1

    CVSS31
    CVE-2024-8776

    SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 7.3

    CVSS31
    CVE-2024-8862

    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query l... Read more

    Affected Products :
    • Published: Sep. 14, 2024
    • Modified: Sep. 16, 2024

  • 2.5

    CVSS31
    CVE-2024-45835

    Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 9.8

    CVSS31
    CVE-2024-45694

    The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 3.5

    CVSS31
    CVE-2024-8863

    A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site... Read more

    Affected Products : aim
    • Published: Sep. 14, 2024
    • Modified: Sep. 16, 2024

  • 5.5

    CVSS31
    CVE-2024-8864

    A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to c... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 3.5

    CVSS31
    CVE-2024-8865

    A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 3.5

    CVSS31
    CVE-2024-8867

    A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads ... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 86 Results