Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2024-43364

    Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.p... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-43363

    Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need ... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 7.3

    HIGH
    CVE-2024-43362

    Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-47976

    Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Mar. 13, 2025

  • 4.0

    MEDIUM
    CVE-2024-47972

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 06, 2024

  • 6.5

    MEDIUM
    CVE-2024-47971

    Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Feb. 10, 2025

  • 6.4

    MEDIUM
    CVE-2024-47079

    Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not h... Read more

    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024

  • 7.5

    HIGH
    CVE-2024-45293

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Oct. 07, 2024
    • Modified: Mar. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-45292

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue ha... Read more

    Affected Products : phpexcel phpspreadsheet
    • Published: Oct. 07, 2024
    • Modified: Mar. 07, 2025

  • 8.8

    HIGH
    CVE-2024-31449

    Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists ... Read more

    Affected Products : redis
    • Published: Oct. 07, 2024
    • Modified: Sep. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-31228

    Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COM... Read more

    Affected Products : redis
    • Published: Oct. 07, 2024
    • Modified: Sep. 04, 2025

  • 4.4

    MEDIUM
    CVE-2024-31227

    Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis ... Read more

    Affected Products : redis
    • Published: Oct. 07, 2024
    • Modified: Aug. 26, 2025

  • 7.0

    HIGH
    CVE-2024-47975

    Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-47559

    Authenticated RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-47558

    Authenticated RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47557

    Pre-Auth RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47556

    Pre-Auth RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 4.9

    MEDIUM
    CVE-2024-45894

    BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.... Read more

    Affected Products : bluecms bluecms
    • Published: Oct. 07, 2024
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2024-44068

    An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Oct. 07, 2024
    • Modified: Jun. 17, 2025

  • 8.3

    HIGH
    CVE-2024-47555

    Missing Authentication - User & System Configuration... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 294853 Results