Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 6.9

    MEDIUM
    CVE-2024-47765

    Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdIt...

    Affected Products : minecraft_motd_parser
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024
  • 8.1

    HIGH
    CVE-2024-47183

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new u...

    Affected Products : parse-server parse_server
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024
  • 9.0

    HIGH
    CVE-2024-9515

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initia...

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 04, 2024
    • Modified: Oct. 09, 2024
  • 9.0

    HIGH
    CVE-2024-9514

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer over...

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 04, 2024
    • Modified: Oct. 09, 2024
  • 5.3

    MEDIUM
    CVE-2024-9410

    Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint....

    Affected Products : ada
    • Published: Oct. 04, 2024
    • Modified: Nov. 22, 2024
  • 6.3

    MEDIUM
    CVE-2024-9513

    A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handl...

    Affected Products : netadmin_iam
    • Published: Oct. 04, 2024
    • Modified: Nov. 13, 2024
  • 5.5

    MEDIUM
    CVE-2024-9484

    A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing....

    Affected Products : antivirus antivirus
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-9483

    A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing....

    Affected Products : antivirus antivirus
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-9482

    An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing....

    Affected Products : antivirus antivirus
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-9481

    An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing....

    Affected Products : antivirus antivirus
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-8499

    The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitiz...

    Affected Products : checkout_field_editor
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024
  • 8.7

    HIGH
    CVE-2024-47790

    ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP...

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Oct. 14, 2024
  • 8.7

    HIGH
    CVE-2024-47789

    ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contains a Base-64 encoded username and password. A remote attacker cou...

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Oct. 14, 2024
  • 7.1

    HIGH
    CVE-2024-47657

    This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could...

    Affected Products : net_back_office
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-47656

    This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to ga...

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 8.8

    HIGH
    CVE-2024-47655

    This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading a malicious file, which could lead...

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    HIGH
    CVE-2024-47654

    This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in a certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through ...

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 7.1

    HIGH
    CVE-2024-47653

    This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests...

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 8.1

    HIGH
    CVE-2024-47652

    This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any user's account is granted with just their corresponding mobile number. A remote attacker could explo...

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024
  • 8.2

    HIGH
    CVE-2024-6400

    Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03....

    Affected Products : finrota
    • Published: Oct. 04, 2024
    • Modified: Nov. 12, 2024
Showing 20 of 294858 Results