Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2023-39463

    Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data ...

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 7.2

    HIGH
    CVE-2023-39464

    Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although ...

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 4.7

    MEDIUM
    CVE-2024-30141

    HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data....

    Affected Products : bigfix_compliance
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2023-39465

    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gatewa...

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2023-39466

    Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway...

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2023-39467

    Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is no...

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2024-30140

    HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page....

    Affected Products : bigfix_compliance
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025
  • 7.2

    HIGH
    CVE-2023-39468

    Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCA...

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 4.7

    MEDIUM
    CVE-2024-30126

    HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without ...

    Affected Products : bigfix_compliance
    • Published: Jul. 18, 2024
    • Modified: Jun. 17, 2025
  • 6.2

    MEDIUM
    CVE-2024-30125

    HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die....

    Affected Products : bigfix_compliance
    • Published: Jul. 18, 2024
    • Modified: Jun. 17, 2025
  • 6.2

    MEDIUM
    CVE-2024-22734

    An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components....

    Affected Products : trux_waste_management
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2024-30850

    An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go...

    Affected Products : chaos
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2024-22526

    Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file....

    Affected Products : bandiview
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 7.1

    HIGH
    CVE-2024-23576

    Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. ...

    Affected Products : hcl_commerce
    • Published: May. 14, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2020-8006

    The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of co...

    Affected Products : raption_server
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 7.8

    HIGH
    CVE-2024-25545

    An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component....

    Affected Products : weave_desktop
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-28718

    An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component....

    Affected Products : magnum
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-31818

    Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component....

    Affected Products : derbynet
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-30845

    Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters....

    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
  • 4.8

    MEDIUM
    CVE-2024-31839

    Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component....

    Affected Products : chaos
    • Published: Apr. 12, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293602 Results