Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-7994

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current p... Read more

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 7.8

    HIGH
    CVE-2024-7993

    A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the ... Read more

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Aug. 26, 2025

  • 8.1

    HIGH
    CVE-2024-48918

    RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user i... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-48758

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Oct. 16, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-48180

    ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.... Read more

    Affected Products : classcms
    • Published: Oct. 16, 2024
    • Modified: Apr. 28, 2025

  • 6.6

    MEDIUM
    CVE-2024-47889

    Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-47888

    Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Caref... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 7.2

    HIGH
    CVE-2024-46213

    REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.... Read more

    Affected Products : redaxo
    • Published: Oct. 16, 2024
    • Modified: Jun. 13, 2025

  • 4.9

    MEDIUM
    CVE-2024-46212

    An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.... Read more

    Affected Products : redaxo
    • Published: Oct. 16, 2024
    • Modified: Jun. 13, 2025

  • 5.3

    MEDIUM
    CVE-2024-44762

    A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-47887

    Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For a... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 7.5

    HIGH
    CVE-2024-47522

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic.... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-47188

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table ... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-47187

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. T... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-45797

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme ... Read more

    Affected Products : libhtp
    • Published: Oct. 16, 2024
    • Modified: Jul. 09, 2025

  • 5.3

    MEDIUM
    CVE-2024-45796

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-45795

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traff... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 6.6

    MEDIUM
    CVE-2024-41128

    Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dis... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-9143

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even ... Read more

    Affected Products : openssl
    • Published: Oct. 16, 2024
    • Modified: Sep. 01, 2025
Showing 20 of 294796 Results