Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-26770

    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2024-8149

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s brow... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Jan. 30, 2025

  • 6.1

    MEDIUM
    CVE-2024-8148

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 5.3

    MEDIUM
    CVE-2024-47211

    In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for stream... Read more

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2024-44439

    An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.... Read more

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-41516

    A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-41515

    A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-41514

    A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-41513

    A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 8.8

    HIGH
    CVE-2024-41512

    A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 3.9

    LOW
    CVE-2024-41511

    A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2024-38040

    There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-38039

    There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change ... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-38038

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-38037

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-38036

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s b... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-25707

    There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript c... Read more

    Affected Products : linux_kernel windows portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Oct. 15, 2024

  • 4.8

    MEDIUM
    CVE-2024-25702

    There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked co... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-25701

    There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed wi... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-25694

    There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which... Read more

    Affected Products : portal_for_arcgis
    • Published: Oct. 04, 2024
    • Modified: Apr. 10, 2025
Showing 20 of 294863 Results