Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2024-38029

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability...

Affected Products : windows_server_2022_23h2 windows_server_23h2
Published: Oct. 08, 2024

Modified: Oct. 16, 2024
6.7

MEDIUM

CVE-2024-37983

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability...

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 +7 more products
Published: Oct. 08, 2024

Modified: Oct. 16, 2024
7.8

HIGH

CVE-2024-37982

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability...

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 +7 more products
Published: Oct. 08, 2024

Modified: Oct. 16, 2024
7.8

HIGH

CVE-2024-37979

Windows Kernel Elevation of Privilege Vulnerability...

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows windows_server_2012_r2
Published: Oct. 08, 2024

Modified: Oct. 16, 2024
6.7

MEDIUM

CVE-2024-37976

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability...

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 +7 more products
Published: Oct. 08, 2024

Modified: Oct. 16, 2024
6.2

MEDIUM

CVE-2024-35215

NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Netwo...

Affected Products : qnx_software_development_platform
Published: Oct. 08, 2024

Modified: Oct. 10, 2024
8.0

HIGH

CVE-2024-30092

Windows Hyper-V Remote Code Execution Vulnerability...

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_10_1507 +5 more products
Published: Oct. 08, 2024

Modified: Jan. 10, 2025
7.5

HIGH

CVE-2024-25885

An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string....

Affected Products :
Published: Oct. 08, 2024

Modified: Oct. 10, 2024
7.1

HIGH

CVE-2024-20659

Windows Hyper-V Security Feature Bypass Vulnerability...

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 +2 more products
Published: Oct. 08, 2024

Modified: Jan. 10, 2025
5.3

MEDIUM

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transitio...

Affected Products :
Published: Oct. 08, 2024

Modified: Oct. 10, 2024
5.3

MEDIUM

CVE-2024-9621

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, app...

Affected Products :
Published: Oct. 08, 2024

Modified: Dec. 06, 2024
5.3

MEDIUM

CVE-2024-9620

A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between th...

Affected Products :
Published: Oct. 08, 2024

Modified: Oct. 10, 2024
7.2

HIGH

CVE-2024-9381

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions....

Affected Products : endpoint_manager_cloud_services_appliance cloud_services_appliance
Published: Oct. 08, 2024

Modified: Oct. 16, 2024
7.2

HIGH

CVE-2024-9380

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution....

Affected Products : endpoint_manager_cloud_services_appliance cloud_services_appliance
Actively Exploited

Published: Oct. 08, 2024

Modified: Oct. 10, 2024
7.2

HIGH

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements....

Affected Products : endpoint_manager_cloud_services_appliance cloud_services_appliance
Actively Exploited

Published: Oct. 08, 2024

Modified: Oct. 10, 2024
7.8

HIGH

CVE-2024-9167

Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation....

Affected Products : velocity_license_server
Published: Oct. 08, 2024

Modified: Aug. 13, 2025
8.2

HIGH

CVE-2024-9124

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after i...

Affected Products :
Published: Oct. 08, 2024

Modified: Nov. 21, 2024
8.7

HIGH

CVE-2024-8626

Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected product...

Affected Products : 1756-en4tr_firmware compactlogix_5380_firmware compact_guardlogix_5380_firmware compactlogix_5480_firmware guardlogix_5580_firmware
Published: Oct. 08, 2024

Modified: Oct. 10, 2024
8.8

HIGH

CVE-2024-7612

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components....

Affected Products : endpoint_manager_mobile
Published: Oct. 08, 2024

Modified: Dec. 18, 2024
7.5

HIGH

CVE-2024-47011

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information...

Affected Products : avalanche
Published: Oct. 08, 2024

Modified: Oct. 16, 2024

Showing 20 of 294848 Results

1
...
2219
2220
2221
2222
2223
2224
2225
...
14743

Browse by Apps

Latest CVE Feed

7.5

6.7

7.8

7.8

6.7

6.2

8.0

7.5

7.1

5.3

5.3

5.3

7.2

7.2

7.2

7.8

8.2

8.7

8.8

7.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable