Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2024-47491

    An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with ... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 17, 2024

  • 8.2

    HIGH
    CVE-2024-47490

    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consump... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.9

    MEDIUM
    CVE-2024-47489

    An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic t... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46088

    An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.1

    CRITICAL
    CVE-2024-44730

    Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-44729

    Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-42640

    angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.3

    HIGH
    CVE-2024-39563

    A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution b... Read more

    Affected Products : junos_space
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.7

    HIGH
    CVE-2024-39547

    An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.1

    MEDIUM
    CVE-2024-39544

    An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-39534

    An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address o... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-39527

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of pro... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-39526

    An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-33582

    A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-33581

    A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products : pcmanager
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-33580

    A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-33579

    A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products : baiying
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-33578

    A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.... Read more

    Affected Products : leyun
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-8755

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    Affected Products : loadmaster loadmaster
    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2024-47875

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.... Read more

    Affected Products : dompurify
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 294837 Results