Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.4

    HIGH
    CVE-2022-31671

    Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authent...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31670

    Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker cou...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31669

    Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attack...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31668

    Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could mod...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 6.4

    MEDIUM
    CVE-2022-31667

    Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31666

    Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects....

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 8.8

    HIGH
    CVE-2024-9693

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluste...

    Affected Products : gitlab
    • Published: Nov. 14, 2024
    • Modified: Nov. 26, 2024
  • 5.4

    MEDIUM
    CVE-2024-8180

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled....

    Affected Products : gitlab
    • Published: Nov. 14, 2024
    • Modified: Dec. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-10571

    The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary ...

    Affected Products : chartify
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 5.5

    MEDIUM
    CVE-2023-4134

    A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system...

    Affected Products : linux_kernel fedora
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024
  • 8.7

    HIGH
    CVE-2024-9472

    A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specif...

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 4.8

    MEDIUM
    CVE-2024-5920

    A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS admin...

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025
  • 6.5

    MEDIUM
    CVE-2024-5919

    A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to t...

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025
  • 5.3

    MEDIUM
    CVE-2024-5918

    An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate...

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 4.9

    MEDIUM
    CVE-2024-5917

    A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible....

    Affected Products : pan-os
    • Published: Nov. 14, 2024
    • Modified: Jan. 24, 2025
  • 9.1

    CRITICAL
    CVE-2024-50306

    Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fi...

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025
  • 7.5

    HIGH
    CVE-2024-50305

    Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not h...

    Affected Products : traffic_server
    • Published: Nov. 14, 2024
    • Modified: Jun. 04, 2025
  • 7.5

    HIGH
    CVE-2024-47916

    Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 7.5

    HIGH
    CVE-2024-47915

    VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 4.5

    MEDIUM
    CVE-2024-47914

    VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)...

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
Showing 20 of 291712 Results