Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-39387

    Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue ... Read more

    Affected Products : macos windows bridge
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7907

    A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injecti... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7908

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer ov... Read more

    Affected Products : ex1200l_firmware ex1200l
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 7.2

    HIGH
    CVE-2024-7910

    A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The mani... Read more

    Affected Products : online_railway_reservation_system
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7911

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file... Read more

    Affected Products : simple_online_bidding_system
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-42353

    WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base U... Read more

    Affected Products : webob
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-41866

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in ... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-41865

    Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the applicatio... Read more

    Affected Products : dimension
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-41854

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-41853

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-41852

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-41851

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-41850

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-41719

    When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalua... Read more

    Affected Products : big-ip_next_central_manager
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 8.2

    HIGH
    CVE-2024-41164

    When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Supp... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 8.5

    HIGH
    CVE-2024-43221

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion.This issue affects JetGridBuilder: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 8.5

    HIGH
    CVE-2024-43271

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0.... Read more

    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 4.7

    MEDIUM
    CVE-2024-43236

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9.... Read more

    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 5.3

    MEDIUM
    CVE-2024-43281

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Ele... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 9.0

    CRITICAL
    CVE-2024-43252

    Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue affects Crew HRM: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024
Showing 20 of 294837 Results