Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2024-44540

    Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2023-46948

    A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.... Read more

    Affected Products : t24
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 4.7

    MEDIUM
    CVE-2024-8903

    Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 7.5

    HIGH
    CVE-2024-43989

    Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid allows Server Side Request Forgery.This issue affects Justified Image Grid: from n/a through 4.6.1.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 6.6

    MEDIUM
    CVE-2024-40441

    An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs param... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 6.6

    MEDIUM
    CVE-2024-39342

    Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys ar... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 7.6

    HIGH
    CVE-2024-41228

    A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 8.3

    HIGH
    CVE-2024-47061

    Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` pr... Read more

    Affected Products : plate
    • Published: Sep. 20, 2024
    • Modified: Sep. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-43237

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 8.8

    HIGH
    CVE-2024-7481

    Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 8.2

    HIGH
    CVE-2024-21545

    Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arb... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-42507

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitati... Read more

    Affected Products : arubaos
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 8.7

    HIGH
    CVE-2024-8497

    Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.... Read more

    Affected Products : ts-550_evo_firmware
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 8.8

    HIGH
    CVE-2024-7479

    Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows sys... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-9141

    Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the ex... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 7.5

    HIGH
    CVE-2024-8175

    An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.... Read more

    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-42505

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitati... Read more

    Affected Products : arubaos
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 7.5

    HIGH
    CVE-2024-46936

    Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 3.8

    LOW
    CVE-2024-45599

    Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly b... Read more

    Affected Products : cursor
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-43990

    Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 294842 Results