Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-48932

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such ...

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024
  • 7.5

    HIGH
    CVE-2024-48931

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?token=<token>&files=<file_path>` is vulnerable to arbitra...

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024
  • 6.2

    MEDIUM
    CVE-2024-48426

    A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971)....

    Affected Products : assimp
    • Published: Oct. 24, 2024
    • Modified: May. 28, 2025
  • 5.5

    MEDIUM
    CVE-2024-48425

    A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, ...

    Affected Products : assimp
    • Published: Oct. 24, 2024
    • Modified: Jun. 10, 2025
  • 5.5

    MEDIUM
    CVE-2024-48424

    A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files....

    Affected Products : assimp
    • Published: Oct. 24, 2024
    • Modified: Jun. 10, 2025
  • 8.4

    HIGH
    CVE-2024-48423

    An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library....

    Affected Products : assimp
    • Published: Oct. 24, 2024
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2024-48208

    pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file....

    Affected Products : pure-ftpd
    • Published: Oct. 24, 2024
    • Modified: Sep. 04, 2025
  • 9.1

    CRITICAL
    CVE-2024-47883

    The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening...

    Affected Products : butterfly
    • Published: Oct. 24, 2024
    • Modified: Oct. 29, 2024
  • 6.1

    MEDIUM
    CVE-2024-47882

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page...

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 8.8

    HIGH
    CVE-2024-47881

    OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to l...

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 8.1

    HIGH
    CVE-2024-47880

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attac...

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-47879

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expres...

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Dec. 04, 2024
  • 8.1

    HIGH
    CVE-2024-47878

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag in the output, so without escaping. An attacker could le...

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-45263

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information lea...

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 8.8

    HIGH
    CVE-2024-45262

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execut...

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 8.0

    HIGH
    CVE-2024-45261

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once...

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 8.0

    HIGH
    CVE-2024-45260

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it....

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 8.1

    HIGH
    CVE-2024-10327

    A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user lo...

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-45259

    An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted....

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
  • 7.8

    HIGH
    CVE-2024-45242

    EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin pa...

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 28, 2024
Showing 20 of 294528 Results