Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-41605

    In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 8.8

    HIGH
    CVE-2024-45982

    A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their ... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 8.8

    HIGH
    CVE-2024-45979

    A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise the... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 8.8

    HIGH
    CVE-2024-45981

    A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 5.1

    MEDIUM
    CVE-2024-8118

    In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.... Read more

    Affected Products : grafana
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 8.8

    HIGH
    CVE-2024-45980

    A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their acco... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 4.0

    MEDIUM
    CVE-2024-45989

    Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat da... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 9.1

    CRITICAL
    CVE-2024-46627

    Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 7.3

    HIGH
    CVE-2024-40509

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-9294

    A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username l... Read more

    Affected Products : dingfanzu
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 7.5

    HIGH
    CVE-2024-45773

    A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.... Read more

    Affected Products : thrift
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 5.3

    MEDIUM
    CVE-2024-45863

    A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00.... Read more

    Affected Products : thrift
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 6.5

    MEDIUM
    CVE-2024-9275

    A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack ma... Read more

    Affected Products : 123solar
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 4.8

    MEDIUM
    CVE-2024-9283

    A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The e... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 8.8

    HIGH
    CVE-2024-46441

    An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-8310

    OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 5.3

    MEDIUM
    CVE-2024-9160

    In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 5.0

    MEDIUM
    CVE-2024-45745

    TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.2

    CRITICAL
    CVE-2024-3373

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.2

    CRITICAL
    CVE-2024-22170

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102.... Read more

    Affected Products : my_cloud_firmware
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
Showing 20 of 294850 Results