Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2024-7873

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-47001

    Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.6

    HIGH
    CVE-2024-43969

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-21743

    Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46736

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path() If smb2_set_path_attr() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() again as... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-45798

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml`... Read more

    Affected Products : arduino-esp32
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 6.9

    MEDIUM
    CVE-2024-5682

    Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1.... Read more

    Affected Products : library_automation_system
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46748

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT Set the maximum size of a subrequest that writes to cachefiles to be MAX_RW_COUNT so that we don't overrun the maxim... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46718

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned (to 1G) VRAM chun... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-42502

    Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.... Read more

    Affected Products : arubaos
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46717

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix incorrect page release Under the following conditions: 1) No skb created yet 2) header_size == 0 (no SHAMPO header) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_P... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 6.2

    MEDIUM
    CVE-2024-8939

    A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of paramete... Read more

    Affected Products : vllm
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-42501

    An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or... Read more

    Affected Products : arubaos
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 0.0

    NA
    CVE-2024-46745

    In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-35515

    Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-37406

    In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-40568

    Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-45601

    Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability w... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 8.6

    HIGH
    CVE-2023-47105

    exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 8.7

    HIGH
    CVE-2024-7737

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 294848 Results