Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.2

    MEDIUM
    CVE-2024-10183

    A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on macOS systems....

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024
  • 7.8

    HIGH
    CVE-2024-9287

    A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source v...

    Affected Products : python
    • Published: Oct. 22, 2024
    • Modified: Apr. 25, 2025
  • 9.3

    CRITICAL
    CVE-2024-9129

    In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

    Affected Products : zend_server
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024
  • 6.1

    MEDIUM
    CVE-2024-49211

    Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML...

    Affected Products : archer
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 6.1

    MEDIUM
    CVE-2024-49210

    Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or Ja...

    Affected Products : archer
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 6.5

    MEDIUM
    CVE-2024-49209

    Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and up...

    Affected Products : archer
    • Published: Oct. 22, 2024
    • Modified: Mar. 14, 2025
  • 5.9

    MEDIUM
    CVE-2024-49208

    Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete...

    Affected Products : archer
    • Published: Oct. 22, 2024
    • Modified: Mar. 14, 2025
  • 5.4

    MEDIUM
    CVE-2024-48708

    Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser....

    Affected Products : collabtive
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 5.4

    MEDIUM
    CVE-2024-48707

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file....

    Affected Products : collabtive
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 5.4

    MEDIUM
    CVE-2024-48706

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively....

    Affected Products : collabtive
    • Published: Oct. 22, 2024
    • Modified: Mar. 25, 2025
  • 7.5

    HIGH
    CVE-2024-48570

    Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php....

    Affected Products : client_management_system
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 9.3

    CRITICAL
    CVE-2024-46538

    A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php....

    Affected Products : pfsense
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 8.8

    HIGH
    CVE-2024-45518

    An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitiza...

    Affected Products : collaboration
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 4.3

    MEDIUM
    CVE-2024-49373

    No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem....

    Affected Products : centurion_erp
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 4.2

    MEDIUM
    CVE-2024-48929

    Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and ...

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 4.6

    MEDIUM
    CVE-2024-48927

    Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice us...

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 4.2

    MEDIUM
    CVE-2024-48926

    Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a ses...

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 6.5

    MEDIUM
    CVE-2024-48925

    Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that shoul...

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 7.8

    HIGH
    CVE-2024-48605

    An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file....

    Affected Products : helakuru
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 8.7

    HIGH
    CVE-2024-47819

    Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you ge...

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
Showing 20 of 294605 Results