Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2023-51646

    Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability,... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 7.2

    HIGH
    CVE-2023-51645

    Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the ex... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51644

    Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 7.2

    HIGH
    CVE-2023-51643

    Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the e... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51642

    Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vu... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51641

    Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 7.2

    HIGH
    CVE-2023-51640

    Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51639

    Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51638

    Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 8.8

    HIGH
    CVE-2023-51635

    NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to ex... Read more

    Affected Products : rax30_firmware rax30
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 7.5

    HIGH
    CVE-2023-51634

    NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authenticati... Read more

    Affected Products : rax30_firmware rax30
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 7.2

    HIGH
    CVE-2023-39470

    PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vu... Read more

    Affected Products : papercut_ng
    • Published: Nov. 22, 2024
    • Modified: Jan. 09, 2025

  • 5.5

    MEDIUM
    CVE-2024-52998

    Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Nov. 22, 2024
    • Modified: Dec. 03, 2024

  • 7.5

    HIGH
    CVE-2024-52726

    CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information... Read more

    Affected Products : crmeb
    • Published: Nov. 22, 2024
    • Modified: Jul. 07, 2025

  • 7.5

    HIGH
    CVE-2024-11618

    A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The ... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 6.8

    MEDIUM
    CVE-2024-50657

    An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-37783

    A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx.... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-37782

    An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.... Read more

    Affected Products : centrestack
    • Published: Nov. 22, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-53438

    EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing ... Read more

    Affected Products : churchcrm
    • Published: Nov. 22, 2024
    • Modified: Mar. 28, 2025

  • 7.5

    HIGH
    CVE-2024-44786

    Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Mar. 13, 2025
Showing 20 of 291368 Results