Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    CVSS31
    CVE-2024-42501

    An authenticated path traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 18, 2024
  • 7.5

    CVSS31
    CVE-2024-38813

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet....

    Affected Products : vcenter_server cloud_foundation
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CVSS31
    CVE-2024-38812

    The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leadin...

    Affected Products : vcenter_server cloud_foundation
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 5.5

    CVSS31
    CVE-2024-38380

    This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 6.2

    CVSS31
    CVE-2024-8939

    A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of paramete...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.5

    CVSS31
    CVE-2024-8768

    A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024