Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-46307

    A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.... Read more

    Affected Products : sparkshop
    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-45746

    An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument lis... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 11, 2024

  • 7.5

    HIGH
    CVE-2024-43610

    Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector... Read more

    Affected Products : copilot_studio
    • Published: Oct. 09, 2024
    • Modified: Jan. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-42988

    Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is ... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Feb. 10, 2025

  • 8.0

    HIGH
    CVE-2024-46316

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Oct. 09, 2024
    • Modified: Apr. 10, 2025

  • 7.5

    HIGH
    CVE-2024-46304

    A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 7.5

    HIGH
    CVE-2024-46292

    A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation in... Read more

    Affected Products : modsecurity modsecurity
    • Published: Oct. 09, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-25825

    FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 11, 2024

  • 7.8

    HIGH
    CVE-2024-9675

    A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write)... Read more

    • Published: Oct. 09, 2024
    • Modified: Aug. 25, 2025

  • 5.3

    MEDIUM
    CVE-2024-9671

    A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.... Read more

    Affected Products : 3scale_api_management_platform
    • Published: Oct. 09, 2024
    • Modified: Dec. 04, 2024

  • 7.8

    HIGH
    CVE-2024-8048

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.... Read more

    Affected Products : telerik_reporting
    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 9.1

    CRITICAL
    CVE-2024-8015

    In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-8014

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.... Read more

    Affected Products : telerik_reporting
    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-7840

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.... Read more

    Affected Products : telerik_reporting
    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 7.5

    HIGH
    CVE-2024-7294

    In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-7293

    In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-7292

    In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.... Read more

    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-47673

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Oct. 23, 2024

  • 5.5

    MEDIUM
    CVE-2024-47672

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hi... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-47671

    In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 09, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 294863 Results