Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-48652

    Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.... Read more

    Affected Products : camaleon_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-48644

    Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts a... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 5.0

    MEDIUM
    CVE-2024-48415

    itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.... Read more

    • Published: Oct. 22, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-46483

    Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 8.2

    HIGH
    CVE-2024-46482

    An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-44812

    SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.... Read more

    Affected Products : online_complaint_site
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 7.5

    HIGH
    CVE-2024-44331

    Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 8.6

    HIGH
    CVE-2024-43812

    Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-43698

    Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 7.5

    HIGH
    CVE-2024-42643

    Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-41717

    Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-40494

    Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-40493

    Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_p... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 8.2

    HIGH
    CVE-2024-31029

    An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets.... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Jun. 24, 2025

  • 9.0

    CRITICAL
    CVE-2024-26519

    An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 8.8

    HIGH
    CVE-2024-10231

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 8.8

    HIGH
    CVE-2024-10230

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 22, 2024
    • Modified: Oct. 31, 2024

  • 8.1

    HIGH
    CVE-2024-10229

    Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 9.2

    CRITICAL
    CVE-2024-48919

    Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an att... Read more

    Affected Products : cursor
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024

  • 5.3

    MEDIUM
    CVE-2024-45526

    An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually.... Read more

    Affected Products : ua-.netstandard
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024
Showing 20 of 294713 Results