Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2024-45967

    Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.... Read more

    Affected Products : pagekit
    • Published: Oct. 01, 2024
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2024-45408

    eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something... Read more

    Affected Products : elabftw
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.6

    MEDIUM
    CVE-2024-44610

    PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.1

    HIGH
    CVE-2024-41673

    Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.... Read more

    Affected Products : decidim
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.7

    HIGH
    CVE-2024-25661

    In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the de... Read more

    • Published: Oct. 01, 2024
    • Modified: Jul. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-25658

    Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext.... Read more

    • Published: Oct. 01, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-25632

    eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team... Read more

    Affected Products : elabftw
    • Published: Oct. 01, 2024
    • Modified: Aug. 15, 2025

  • 6.8

    MEDIUM
    CVE-2021-37577

    Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pai... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-46276

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 14, 2025

  • 7.8

    HIGH
    CVE-2024-46274

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 18, 2025

  • 7.8

    HIGH
    CVE-2024-46267

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 18, 2025

  • 7.8

    HIGH
    CVE-2024-46264

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 13, 2025

  • 7.8

    HIGH
    CVE-2024-46263

    cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 18, 2025

  • 7.8

    HIGH
    CVE-2024-46261

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 17, 2025

  • 7.8

    HIGH
    CVE-2024-46259

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 18, 2025

  • 7.8

    HIGH
    CVE-2024-46258

    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.... Read more

    Affected Products : cute_png
    • Published: Oct. 01, 2024
    • Modified: Mar. 14, 2025

  • 5.7

    MEDIUM
    CVE-2024-44744

    An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be ... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-41276

    A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentia... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.8

    MEDIUM
    CVE-2023-7273

    Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header ... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-9405

    An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located ... Read more

    Affected Products : pluckcms
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 294863 Results