Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-47522

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic.... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-47188

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table ... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-47187

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. T... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-45797

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme ... Read more

    Affected Products : libhtp
    • Published: Oct. 16, 2024
    • Modified: Jul. 09, 2025

  • 5.3

    MEDIUM
    CVE-2024-45796

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-45795

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traff... Read more

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 6.6

    MEDIUM
    CVE-2024-41128

    Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dis... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-9143

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even ... Read more

    Affected Products : openssl
    • Published: Oct. 16, 2024
    • Modified: Sep. 01, 2025

  • 2.4

    LOW
    CVE-2024-4692

    Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization confi... Read more

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 8.0

    HIGH
    CVE-2024-4690

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.... Read more

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 2.4

    LOW
    CVE-2024-4211

    Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been disc... Read more

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 8.0

    HIGH
    CVE-2024-4189

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.... Read more

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 8.0

    HIGH
    CVE-2024-4184

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.... Read more

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-46606

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.... Read more

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2024-46605

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.... Read more

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2024-45072

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-45071

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 8.8

    HIGH
    CVE-2024-38814

    An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execut... Read more

    Affected Products : vmware_hcx
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-20512

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface... Read more

    • Published: Oct. 16, 2024
    • Modified: Aug. 04, 2025

  • 7.1

    HIGH
    CVE-2024-20463

    A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the H... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 31, 2024
Showing 20 of 294824 Results