Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.2

    CRITICAL
    CVE-2023-25581

    pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-... Read more

    Affected Products : pac4j
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9792

    A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible ... Read more

    Affected Products : dsl-2750u_firmware dsl-2750u
    • Published: Oct. 10, 2024
    • Modified: Nov. 25, 2024

  • 7.2

    HIGH
    CVE-2024-9790

    A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The e... Read more

    Affected Products : lylme_spage
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-9789

    A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The explo... Read more

    Affected Products : lylme_spage
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-9788

    A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The explo... Read more

    Affected Products : lylme_spage
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 6.9

    MEDIUM
    CVE-2024-9787

    A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to... Read more

    • Published: Oct. 10, 2024
    • Modified: Nov. 25, 2024

  • 7.5

    HIGH
    CVE-2024-9312

    Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.... Read more

    Affected Products : authd
    • Published: Oct. 10, 2024
    • Modified: Aug. 26, 2025

  • 6.9

    MEDIUM
    CVE-2024-4658

    SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0.... Read more

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 9.0

    HIGH
    CVE-2024-9786

    A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack m... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.0

    HIGH
    CVE-2024-9785

    A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be l... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 5.1

    MEDIUM
    CVE-2024-6157

    An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below.  This vulnerability arises under specific condition when speciall... Read more

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 7.5

    HIGH
    CVE-2024-35202

    Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called t... Read more

    Affected Products : bitcoin_core bitcoin
    • Published: Oct. 10, 2024
    • Modified: May. 22, 2025

  • 9.0

    HIGH
    CVE-2024-9784

    A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to laun... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.0

    HIGH
    CVE-2024-9783

    A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be ... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.0

    HIGH
    CVE-2024-9782

    A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overf... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 7.3

    HIGH
    CVE-2024-6530

    A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to rend... Read more

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9201

    The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.... Read more

    Affected Products : seur
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-48902

    In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API... Read more

    Affected Products : youtrack
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-9623

    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.... Read more

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 5.3

    MEDIUM
    CVE-2024-9596

    An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a Git... Read more

    Affected Products : gitlab
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294853 Results