Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-47331

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.... Read more

    Affected Products : multi_step_for_contact_form_7
    • Published: Oct. 11, 2024
    • Modified: Nov. 14, 2024

  • 5.7

    MEDIUM
    CVE-2024-9539

    An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishin... Read more

    Affected Products : enterprise_server
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-46532

    SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024

  • 5.3

    MEDIUM
    CVE-2024-44807

    A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-44157

    A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.... Read more

    Affected Products : itunes apple_tv
    • Published: Oct. 11, 2024
    • Modified: Dec. 12, 2024

  • 8.8

    HIGH
    CVE-2024-9859

    Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome
    • Published: Oct. 11, 2024
    • Modified: Jan. 02, 2025

  • 7.5

    HIGH
    CVE-2024-47877

    Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extr... Read more

    Affected Products : extract
    • Published: Oct. 11, 2024
    • Modified: Nov. 22, 2024

  • 6.5

    MEDIUM
    CVE-2024-46215

    A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.5

    HIGH
    CVE-2024-44734

    Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024

  • 4.7

    MEDIUM
    CVE-2024-44731

    Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-44415

    A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.... Read more

    Affected Products : di-8200_firmware
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-44414

    A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-44413

    A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.... Read more

    Affected Products : di-8200_firmware
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.7

    HIGH
    CVE-2024-42018

    An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to t... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Nov. 06, 2024

  • 7.8

    HIGH
    CVE-2024-9046

    A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products : starstudio
    • Published: Oct. 11, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-8376

    In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.... Read more

    Affected Products : mosquitto
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 4.4

    MEDIUM
    CVE-2024-6985

    A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The ... Read more

    Affected Products : lollms
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-5474

    A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation o... Read more

    Affected Products : dolby_vision_provisioning
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-4132

    A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products : lock_screen
    • Published: Oct. 11, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-4131

    A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products : emulator
    • Published: Oct. 11, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294837 Results