Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.4

    HIGH
    CVE-2024-35518

    Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter....

    Affected Products : ex6120_firmware ex6120
    • Published: Oct. 14, 2024
    • Modified: Mar. 19, 2025
  • 8.7

    HIGH
    CVE-2024-6207

    CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end c...

    • Published: Oct. 14, 2024
    • Modified: Oct. 21, 2024
  • 7.8

    HIGH
    CVE-2024-48911

    OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri...

    Affected Products : opencanary
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
  • 2.4

    LOW
    CVE-2024-48909

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their re...

    Affected Products : spicedb
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
  • 7.5

    HIGH
    CVE-2024-48824

    An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-48823

    Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 15, 2025
  • 8.8

    HIGH
    CVE-2024-48822

    Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 18, 2025
  • 6.1

    MEDIUM
    CVE-2024-48821

    Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 24, 2025
  • 5.9

    MEDIUM
    CVE-2024-47885

    The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have *stored* attacker-contro...

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 9.1

    CRITICAL
    CVE-2023-48082

    Nagios XI before 2024R1 was discovered to improperly handle the generation of (randomly-generated) API keys, allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate....

    Affected Products : nagios_xi
    • Published: Oct. 14, 2024
    • Modified: Jul. 10, 2025
  • 5.3

    MEDIUM
    CVE-2024-48795

    An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 5.9

    MEDIUM
    CVE-2024-48793

    An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 7.5

    HIGH
    CVE-2024-48792

    An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 7.5

    HIGH
    CVE-2024-48791

    An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process...

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 19, 2025
  • 5.3

    MEDIUM
    CVE-2024-48790

    An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    HIGH
    CVE-2024-48789

    An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitive information via the firmware update process....

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 19, 2025
  • 7.5

    HIGH
    CVE-2024-47831

    Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could ...

    Affected Products : next.js
    • Published: Oct. 14, 2024
    • Modified: Nov. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-47826

    eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show mode), "database.php" (show mode) or "search.php". It wo...

    Affected Products : elabftw
    • Published: Oct. 14, 2024
    • Modified: Nov. 08, 2024
  • 4.3

    MEDIUM
    CVE-2024-47767

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not ha...

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
  • 4.9

    MEDIUM
    CVE-2024-47766

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the conte...

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294837 Results