Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.2

    CRITICAL
    CVE-2024-47561

    Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

    • Published: Oct. 03, 2024
    • Modified: Jul. 10, 2025
  • 4.3

    MEDIUM
    CVE-2024-42504

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.

    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 6.4

    MEDIUM
    CVE-2024-8159

    Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.

    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 7.5

    HIGH
    CVE-2024-8352

    The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attac...

    Affected Products : social_web_suite
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 7.8

    HIGH
    CVE-2024-47136

    Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software...

    • Published: Oct. 03, 2024
    • Modified: Oct. 15, 2024
  • 7.8

    HIGH
    CVE-2024-47135

    Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming...

    • Published: Oct. 03, 2024
    • Modified: Oct. 15, 2024
  • 7.8

    HIGH
    CVE-2024-47134

    Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Softwar...

    • Published: Oct. 03, 2024
    • Modified: Oct. 16, 2024
  • 6.8

    MEDIUM
    CVE-2024-47616

    Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) ...

    Affected Products : pomerium
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 10.0

    CRITICAL
    CVE-2024-45519

    The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

    • Actively Exploited
    • Published: Oct. 02, 2024
    • Modified: Feb. 25, 2025
  • 8.8

    HIGH
    CVE-2024-28888

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and resul...

    Affected Products : foxit_reader pdf_reader
    • Published: Oct. 02, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24117

    Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.

    • Published: Oct. 02, 2024
    • Modified: Mar. 13, 2025
  • 8.0

    HIGH
    CVE-2024-8733

    A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 6.5

    MEDIUM
    CVE-2024-47529

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible ...

    Affected Products : cosmos
    • Published: Oct. 02, 2024
    • Modified: Nov. 13, 2024
  • 6.5

    MEDIUM
    CVE-2024-46977

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to d...

    Affected Products : cosmos
    • Published: Oct. 02, 2024
    • Modified: Oct. 31, 2024
  • 6.4

    MEDIUM
    CVE-2024-45965

    Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5.x before 5.5.6.

    Affected Products : contao
    • Published: Oct. 02, 2024
    • Modified: Aug. 27, 2025
  • 4.8

    MEDIUM
    CVE-2024-45964

    Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 4.7

    MEDIUM
    CVE-2024-45962

    October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code v...

    Affected Products : october
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 4.8

    MEDIUM
    CVE-2024-45960

    Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 6.1

    MEDIUM
    CVE-2024-43795

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: Thi...

    Affected Products : cosmos
    • Published: Oct. 02, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-9441

    The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality ...

    Affected Products : emerge_e3_firmware
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 294860 Results