Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-48789

    An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 19, 2025

  • 7.5

    HIGH
    CVE-2024-47831

    Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could ... Read more

    Affected Products : next.js
    • Published: Oct. 14, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-47826

    eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show mode), "database.php" (show mode) or "search.php". It wo... Read more

    Affected Products : elabftw
    • Published: Oct. 14, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2024-47767

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not ha... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-47766

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the conte... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 5.7

    MEDIUM
    CVE-2024-46988

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with infor... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.8

    MEDIUM
    CVE-2024-46980

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact lin... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-46528

    An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources with... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Aug. 28, 2025

  • 7.5

    HIGH
    CVE-2024-48799

    An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 24, 2025

  • 7.5

    HIGH
    CVE-2024-48798

    An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 24, 2025

  • 7.5

    HIGH
    CVE-2024-48797

    An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 25, 2025

  • 7.5

    HIGH
    CVE-2024-48796

    An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-48168

    A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.... Read more

    Affected Products : dcs-960l_firmware dcs-960l
    • Published: Oct. 14, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-46535

    Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.... Read more

    Affected Products : jepaas
    • Published: Oct. 14, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-45741

    In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom conf... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-45740

    In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result i... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-45739

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at... Read more

    Affected Products : splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.9

    MEDIUM
    CVE-2024-45738

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG loggi... Read more

    Affected Products : splunk
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-45737

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of Ap... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-45736

    In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294842 Results