Latest CVE Feed
- 7.8 HIGH CVE-2024-47941
  A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attack...
  - Affected Products: solid_edge_se2024
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 7.8 HIGH CVE-2024-47940
  A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attack...
  - Affected Products: solid_edge_se2024
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 8.4 HIGH CVE-2024-47808
  A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an...
  - Affected Products: sinec_nms
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 8.5 HIGH CVE-2024-47783
  A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the servic...
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 6.3 MEDIUM CVE-2024-46894
  A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to ...
  - Affected Products: sinec_ins
  - Published: Nov. 12, 2024
  - Modified: Aug. 20, 2025
- 8.1 HIGH CVE-2024-46892
  A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an auth...
  - Affected Products: sinec_ins
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 7.5 HIGH CVE-2024-46891
  A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logg...
  - Affected Products: sinec_ins
  - Published: Nov. 12, 2024
  - Modified: Aug. 20, 2025
- 9.4 CRITICAL CVE-2024-46890
  A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privilege...
  - Affected Products: sinec_ins
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 6.9 MEDIUM CVE-2024-46889
  A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key materia...
  - Affected Products: sinec_ins
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 9.9 CRITICAL CVE-2024-46888
  A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipu...
  - Affected Products: sinec_ins
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 10.0 CRITICAL CVE-2024-44102
  A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with...
  - Affected Products: telecontrol_server_basic
  - Published: Nov. 12, 2024
  - Modified: Nov. 13, 2024
- 8.2 HIGH CVE-2024-36140
  A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker t...
  - Published: Nov. 12, 2024
  - Modified: Nov. 15, 2024
- 8.5 HIGH CVE-2024-29119
  A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges....
  - Affected Products: spectrum_power_7
  - Published: Nov. 12, 2024
  - Modified: Nov. 15, 2024
- 7.5 HIGH CVE-2024-11123
  A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path tra...
  - Affected Products: lingdang_crm
  - Published: Nov. 12, 2024
  - Modified: Aug. 27, 2025
- 9.8 CRITICAL CVE-2024-11122
  A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the a...
  - Affected Products: lingdang_crm
  - Published: Nov. 12, 2024
  - Modified: Aug. 27, 2025
- 9.8 CRITICAL CVE-2024-11121
  A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of t...
  - Affected Products: lingdang_crm
  - Published: Nov. 12, 2024
  - Modified: Aug. 27, 2025
- 7.3 HIGH CVE-2023-32736
  A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions <...
  - Affected Products: simatic_wincc
  - Published: Nov. 12, 2024
  - Modified: Jan. 14, 2025
- 9.8 CRITICAL CVE-2024-10245
  The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated atta...
  - Affected Products:
  - Published: Nov. 12, 2024
  - Modified: Nov. 12, 2024
- 6.4 MEDIUM CVE-2024-10323
  The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible fo...
  - Affected Products: jetwidgets_for_elementor
  - Published: Nov. 12, 2024
  - Modified: Feb. 05, 2025
- 6.4 MEDIUM CVE-2024-10179
  The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on u...
  - Affected Products:
  - Published: Nov. 12, 2024
  - Modified: Nov. 12, 2024