Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-6763

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviou...

    Affected Products : jetty
    • Published: Oct. 14, 2024
    • Modified: Jul. 10, 2025
  • 6.5

    MEDIUM
    CVE-2024-6762

    Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

    Affected Products : jetty
    • Published: Oct. 14, 2024
    • Modified: Nov. 08, 2024
  • 9.8

    CRITICAL
    CVE-2024-48153

    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.

    Affected Products : vigor3900_firmware vigor3900
    • Published: Oct. 14, 2024
    • Modified: Apr. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-48150

    D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

    Affected Products : dir-820l_firmware dir-820l
    • Published: Oct. 14, 2024
    • Modified: May. 21, 2025
  • 6.6

    MEDIUM
    CVE-2024-41997

    An issue was discovered in versions of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/...

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2023-50780

    Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposur...

    Affected Products : activemq_artemis
    • Published: Oct. 14, 2024
    • Modified: Mar. 19, 2025
  • 7.5

    HIGH
    CVE-2024-9823

    There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory...

    • Published: Oct. 14, 2024
    • Modified: Jul. 30, 2025
  • 7.3

    HIGH
    CVE-2024-48259

    Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-48257

    Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection.

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-48251

    Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
  • 7.3

    HIGH
    CVE-2024-48249

    Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: May. 27, 2025
  • 6.5

    MEDIUM
    CVE-2024-9936

    When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.

    Affected Products : firefox
    • Published: Oct. 14, 2024
    • Modified: Mar. 31, 2025
  • 6.3

    MEDIUM
    CVE-2024-8602

    When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide App...

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Dec. 11, 2024
  • 8.8

    HIGH
    CVE-2024-7847

    VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the a...

    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 9.8

    CRITICAL
    CVE-2024-48255

    Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-48253

    Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 6.5

    MEDIUM
    CVE-2024-48120

    X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.

    Affected Products : x2crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-48119

    Vtiger CRM v8.2.0 has an HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.

    Affected Products : vtiger_crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 30, 2024
  • 8.6

    HIGH
    CVE-2024-9139

    The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

    Affected Products : tn-4900_firmware
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 9.4

    CRITICAL
    CVE-2024-9137

    The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration fil...

    • Published: Oct. 14, 2024
    • Modified: Jan. 17, 2025
Showing 20 of 294836 Results