Latest CVE Feed
- 9.8 CRITICAL CVE-2024-46483
  Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 8.2 HIGH CVE-2024-46482
  An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 9.8 CRITICAL CVE-2024-44812
  SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
  Affected Products: online_complaint_site
  - Published: Oct. 22, 2024
  - Modified: Oct. 25, 2024
- 7.5 HIGH CVE-2024-44331
  Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 8.6 HIGH CVE-2024-43812
  Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 9.8 CRITICAL CVE-2024-43698
  Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 7.5 HIGH CVE-2024-42643
  Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 9.8 CRITICAL CVE-2024-41717
  Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 9.8 CRITICAL CVE-2024-40494
  Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.
  Affected Products: freecoap
  - Published: Oct. 22, 2024
  - Modified: Jun. 24, 2025
- 9.8 CRITICAL CVE-2024-40493
  Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_p...
  Affected Products: freecoap
  - Published: Oct. 22, 2024
  - Modified: Oct. 25, 2024
- 8.2 HIGH CVE-2024-31029
  An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets.
  Affected Products: freecoap
  - Published: Oct. 22, 2024
  - Modified: Jun. 24, 2025
- 9.0 CRITICAL CVE-2024-26519
  An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component.
  Affected Products:
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 8.8 HIGH CVE-2024-10231
  Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  - Published: Oct. 22, 2024
  - Modified: Oct. 25, 2024
- 8.8 HIGH CVE-2024-10230
  Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  - Published: Oct. 22, 2024
  - Modified: Oct. 31, 2024
- 8.1 HIGH CVE-2024-10229
  Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
  - Published: Oct. 22, 2024
  - Modified: Oct. 25, 2024
- 9.2 CRITICAL CVE-2024-48919
  Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an att...
  Affected Products: cursor
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 5.3 MEDIUM CVE-2024-45526
  An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually.
  Affected Products: ua-.netstandard
  - Published: Oct. 22, 2024
  - Modified: Oct. 23, 2024
- 9.8 CRITICAL CVE-2024-48904
  A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability.
  Affected Products: cloud_edge
  - Published: Oct. 22, 2024
  - Modified: Jul. 31, 2025
- 7.8 HIGH CVE-2024-48903
  An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t...
  - Published: Oct. 22, 2024
  - Modified: Jul. 31, 2025
- 6.5 MEDIUM CVE-2024-46903
  A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code...
  Affected Products: deep_discovery_inspector
  - Published: Oct. 22, 2024
  - Modified: Nov. 01, 2024