Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-47547

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 8.7

    HIGH
    CVE-2024-47043

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 7.5

    HIGH
    CVE-2024-42494

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 8.5

    HIGH
    CVE-2024-11220

    A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting... Read more

    • Published: Dec. 06, 2024
    • Modified: Jan. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-55268

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 11, 2024

  • 7.5

    HIGH
    CVE-2024-54749

    Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a f... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 12, 2024

  • 9.3

    CRITICAL
    CVE-2024-54143

    openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By explo... Read more

    Affected Products : openwrt
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 8.7

    HIGH
    CVE-2024-53691

    A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have alrea... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 6.8

    MEDIUM
    CVE-2024-50404

    A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerabilit... Read more

    Affected Products : qsync_central
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 2.1

    LOW
    CVE-2024-50403

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modif... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 2.1

    LOW
    CVE-2024-50402

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modif... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 8.7

    HIGH
    CVE-2024-50393

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following ver... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.5

    CRITICAL
    CVE-2024-50389

    A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.5

    CRITICAL
    CVE-2024-50388

    An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid B... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-50387

    A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 8.7

    HIGH
    CVE-2024-48868

    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fix... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-48867

    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fix... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 2.3

    LOW
    CVE-2024-48866

    An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fi... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 7.3

    HIGH
    CVE-2024-48865

    An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 7.7

    HIGH
    CVE-2024-48863

    A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
Showing 20 of 291921 Results