Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2024-47464

    An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operat... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.2

    HIGH
    CVE-2024-47463

    An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote comm... Read more

    Affected Products : arubaos instant instant
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.2

    HIGH
    CVE-2024-47462

    An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote comm... Read more

    Affected Products : arubaos instant instant
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 7.2

    HIGH
    CVE-2024-47461

    An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying ope... Read more

    Affected Products : arubaos instant instant
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 9.0

    CRITICAL
    CVE-2024-47460

    Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation... Read more

    Affected Products : arubaos instant instant
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-42509

    Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation... Read more

    Affected Products : arubaos instant instant
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 2.3

    LOW
    CVE-2024-51756

    The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", ... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-51745

    Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special devi... Read more

    Affected Products : wasmtime
    • Published: Nov. 05, 2024
    • Modified: Sep. 04, 2025

  • 8.8

    HIGH
    CVE-2024-51116

    Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Nov. 05, 2024
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10084

    The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contribut... Read more

    • Published: Nov. 05, 2024
    • Modified: Jul. 11, 2025

  • 7.8

    HIGH
    CVE-2024-7995

    A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.... Read more

    Affected Products : vred vred_design
    • Published: Nov. 05, 2024
    • Modified: Aug. 18, 2025

  • 2.1

    LOW
    CVE-2024-51753

    The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. Thi... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 5.5

    MEDIUM
    CVE-2024-51752

    The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled.... Read more

    Affected Products : authkit
    • Published: Nov. 05, 2024
    • Modified: Sep. 10, 2025

  • 1.8

    LOW
    CVE-2024-51746

    Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to ... Read more

    Affected Products : gitsign
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-51740

    Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived fro... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 8.7

    HIGH
    CVE-2024-51735

    Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary modu... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 6.5

    MEDIUM
    CVE-2024-51493

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser se... Read more

    Affected Products : octoprint
    • Published: Nov. 05, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2024-51382

    Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compro... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51381

    Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and ... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025

  • 8.4

    HIGH
    CVE-2024-51380

    Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin u... Read more

    Affected Products : jatos
    • Published: Nov. 05, 2024
    • Modified: Jun. 24, 2025
Showing 20 of 293620 Results