Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-31228

    Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COM... Read more

    Affected Products : redis
    • Published: Oct. 07, 2024
    • Modified: Sep. 04, 2025

  • 4.4

    MEDIUM
    CVE-2024-31227

    Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis ... Read more

    Affected Products : redis
    • Published: Oct. 07, 2024
    • Modified: Aug. 26, 2025

  • 7.0

    HIGH
    CVE-2024-47975

    Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-47559

    Authenticated RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-47558

    Authenticated RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47557

    Pre-Auth RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47556

    Pre-Auth RCE via Path Traversal... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 16, 2024

  • 4.9

    MEDIUM
    CVE-2024-45894

    BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.... Read more

    Affected Products : bluecms bluecms
    • Published: Oct. 07, 2024
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2024-44068

    An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Oct. 07, 2024
    • Modified: Jun. 17, 2025

  • 8.3

    HIGH
    CVE-2024-47555

    Missing Authentication - User & System Configuration... Read more

    Affected Products : freeflow_core
    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-46076

    RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.... Read more

    Affected Products : ruoyi
    • Published: Oct. 07, 2024
    • Modified: May. 15, 2025

  • 5.7

    MEDIUM
    CVE-2024-44674

    D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.... Read more

    Affected Products : covr-2600r_firmware covr-2600r
    • Published: Oct. 07, 2024
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2024-42831

    A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialo... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-46300

    itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.... Read more

    Affected Products : placement_management_system
    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024

  • 8.8

    HIGH
    CVE-2024-27458

    A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to u... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024

  • 9.0

    HIGH
    CVE-2024-9570

    A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The att... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-46446

    Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.... Read more

    Affected Products : mecha
    • Published: Oct. 07, 2024
    • Modified: Oct. 11, 2024

  • 8.4

    HIGH
    CVE-2024-46278

    Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.... Read more

    Affected Products : teedy
    • Published: Oct. 07, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2024-46041

    IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-46040

    IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and fo... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Nov. 04, 2024
Showing 20 of 294863 Results