Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-50306

    Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fi... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-50305

    Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not h... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-47916

    Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-47915

    VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 4.5

    MEDIUM
    CVE-2024-47914

    VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-45254

    VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-45253

    Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-38479

    Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which d... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 03, 2025

  • 6.8

    MEDIUM
    CVE-2024-2552

    A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.... Read more

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025

  • 8.7

    HIGH
    CVE-2024-2551

    A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condi... Read more

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025

  • 8.7

    HIGH
    CVE-2024-2550

    A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of... Read more

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025

  • 5.1

    MEDIUM
    CVE-2024-7787

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects vSRM Supp... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-11206

    Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 8.6

    HIGH
    CVE-2024-9186

    The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated ... Read more

    Affected Products : funnelkit_automations
    • Published: Nov. 14, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10146

    The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.... Read more

    Affected Products : simple_file_list
    • Published: Nov. 14, 2024
    • Modified: May. 15, 2025

  • 6.7

    MEDIUM
    CVE-2023-34049

    The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs the... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.1

    HIGH
    CVE-2024-5082

    A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.  This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.... Read more

    Affected Products : nexus_repository_manager
    • Published: Nov. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.1

    MEDIUM
    CVE-2024-5083

    A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2 This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.... Read more

    Affected Products : nexus_repository_manager
    • Published: Nov. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2024-40410

    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.3

    HIGH
    CVE-2024-40408

    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025
Showing 20 of 291617 Results