Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-48257

    Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection.

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-48251

    Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024
  • 7.3

    HIGH
    CVE-2024-48249

    Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: May. 27, 2025
  • 6.5

    MEDIUM
    CVE-2024-9936

    When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.

    Affected Products : firefox
    • Published: Oct. 14, 2024
    • Modified: Mar. 31, 2025
  • 6.3

    MEDIUM
    CVE-2024-8602

    When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide App...

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Dec. 11, 2024
  • 8.8

    HIGH
    CVE-2024-7847

    VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the a...

    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 9.8

    CRITICAL
    CVE-2024-48255

    Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-48253

    Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: Oct. 16, 2024
  • 6.5

    MEDIUM
    CVE-2024-48120

    X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.

    Affected Products : x2crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 29, 2024
  • 5.4

    MEDIUM
    CVE-2024-48119

    Vtiger CRM v8.2.0 has an HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.

    Affected Products : vtiger_crm
    • Published: Oct. 14, 2024
    • Modified: Oct. 30, 2024
  • 8.6

    HIGH
    CVE-2024-9139

    The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

    Affected Products : tn-4900_firmware
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 9.4

    CRITICAL
    CVE-2024-9137

    The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration fil...

    • Published: Oct. 14, 2024
    • Modified: Jan. 17, 2025
  • 4.7

    MEDIUM
    CVE-2024-46911

    Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF prot...

    Affected Products : roller
    • Published: Oct. 14, 2024
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2024-43701

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

    Affected Products : ddk
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 7.5

    HIGH
    CVE-2024-38863

    Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.

    Affected Products : checkmk checkmk
    • Published: Oct. 14, 2024
    • Modified: Dec. 03, 2024
  • 4.4

    MEDIUM
    CVE-2024-38862

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrato...

    Affected Products : checkmk checkmk
    • Published: Oct. 14, 2024
    • Modified: Dec. 03, 2024
  • 9.8

    CRITICAL
    CVE-2024-9924

    The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently.

    Affected Products : oaklouds_portal
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024
  • 4.9

    MEDIUM
    CVE-2024-9923

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.

    Affected Products : team\+_pro
    • Published: Oct. 14, 2024
    • Modified: Oct. 24, 2024
  • 5.3

    MEDIUM
    CVE-2024-49214

    QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

    Affected Products : haproxy
    • Published: Oct. 14, 2024
    • Modified: Oct. 29, 2024
  • 7.5

    HIGH
    CVE-2024-9922

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

    Affected Products : team\+_pro
    • Published: Oct. 14, 2024
    • Modified: Oct. 24, 2024
Showing 20 of 294848 Results