Latest CVE Feed
- 4.5 MEDIUM CVE-2024-21530
  Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with...
  Affected Products:
  - Published: Oct. 02, 2024
  - Modified: Oct. 04, 2024
- 4.7 MEDIUM CVE-2024-9407
  A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be...
  Affected Products: enterprise_linux openshift_container_platform international_components_for_unicode
  - Published: Oct. 01, 2024
  - Modified: Dec. 20, 2024
- 6.9 MEDIUM CVE-2024-47609
  Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the ...
  Affected Products:
  - Published: Oct. 01, 2024
  - Modified: Nov. 21, 2024
- 4.8 MEDIUM CVE-2024-47528
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the uploa...
  Affected Products: librenms
  - Published: Oct. 01, 2024
  - Modified: Dec. 19, 2024
- 7.5 HIGH CVE-2024-47527
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname...
  Affected Products: librenms
  - Published: Oct. 01, 2024
  - Modified: Oct. 07, 2024
- 3.5 LOW CVE-2024-47526
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script execu...
  Affected Products: librenms
  - Published: Oct. 01, 2024
  - Modified: Dec. 19, 2024
- 7.5 HIGH CVE-2024-47525
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerabil...
  Affected Products: librenms
  - Published: Oct. 01, 2024
  - Modified: Oct. 07, 2024
- 7.2 HIGH CVE-2024-47524
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, ...
  Affected Products: librenms
  - Published: Oct. 01, 2024
  - Modified: Dec. 19, 2024
- 7.5 HIGH CVE-2024-47523
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which ...
  Affected Products: librenms
  - Published: Oct. 01, 2024
  - Modified: Oct. 07, 2024
- 8.0 HIGH CVE-2024-46084
  Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function....
  Affected Products: scriptcase
  - Published: Oct. 01, 2024
  - Modified: Apr. 28, 2025
- 5.4 MEDIUM CVE-2024-46082
  Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters....
  Affected Products: scriptcase
  - Published: Oct. 01, 2024
  - Modified: Apr. 28, 2025
- 8.0 HIGH CVE-2024-46080
  Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function....
  Affected Products: scriptcase
  - Published: Oct. 01, 2024
  - Modified: Apr. 28, 2025
- 5.3 MEDIUM CVE-2024-9411
  A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possibl...
  Affected Products: ofcms
  - Published: Oct. 01, 2024
  - Modified: Aug. 27, 2025
- 9.8 CRITICAL CVE-2024-45999
  A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter....
  Affected Products: cloudlog
  - Published: Oct. 01, 2024
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2024-9355
  A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between...
  - Published: Oct. 01, 2024
  - Modified: May. 14, 2025
- 8.2 HIGH CVE-2024-9341
  A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick th...
  - Published: Oct. 01, 2024
  - Modified: Dec. 11, 2024
- 5.4 MEDIUM CVE-2024-46083
  Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is importa...
  Affected Products: scriptcase
  - Published: Oct. 01, 2024
  - Modified: Apr. 28, 2025
- 5.4 MEDIUM CVE-2024-46081
  Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to v...
  Affected Products: scriptcase
  - Published: Oct. 01, 2024
  - Modified: Apr. 28, 2025
- 6.1 MEDIUM CVE-2024-46079
  Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter....
  Affected Products: scriptcase
  - Published: Oct. 01, 2024
  - Modified: Apr. 28, 2025
- 8.1 HIGH CVE-2024-42514
  A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user i...
  Affected Products: micontact_center_business
  - Published: Oct. 01, 2024
  - Modified: May. 30, 2025