Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-45254

    VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-45253

    Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-38479

    Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which d... Read more

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 03, 2025

  • 6.8

    MEDIUM
    CVE-2024-2552

    A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.... Read more

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025

  • 8.7

    HIGH
    CVE-2024-2551

    A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condi... Read more

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025

  • 8.7

    HIGH
    CVE-2024-2550

    A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of... Read more

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025

  • 5.1

    MEDIUM
    CVE-2024-7787

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects vSRM Supp... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-11206

    Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 8.6

    HIGH
    CVE-2024-9186

    The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated ... Read more

    Affected Products : funnelkit_automations
    • Published: Nov. 14, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-10146

    The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.... Read more

    Affected Products : simple_file_list
    • Published: Nov. 14, 2024
    • Modified: May. 15, 2025

  • 6.7

    MEDIUM
    CVE-2023-34049

    The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs the... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 7.1

    HIGH
    CVE-2024-5082

    A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.  This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.... Read more

    Affected Products : nexus_repository_manager
    • Published: Nov. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.1

    MEDIUM
    CVE-2024-5083

    A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2 This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.... Read more

    Affected Products : nexus_repository_manager
    • Published: Nov. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2024-40410

    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.3

    HIGH
    CVE-2024-40408

    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-40407

    A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 8.1

    HIGH
    CVE-2024-40405

    Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-40404

    Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.... Read more

    Affected Products : thinfinity_workspace
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-51027

    Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-50956

    A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a craf... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 25, 2024
Showing 20 of 291672 Results