Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    CVSS31
    CVE-2024-45767

    Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera...

    Affected Products : openmanage_enterprise
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024
  • 8.0

    CVSS31
    CVE-2024-45766

    Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code exe...

    Affected Products : openmanage_enterprise
    • Published: Oct. 17, 2024
    • Modified: Oct. 17, 2024
  • 7.8

    CVSS31
    CVE-2024-7994

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current p...

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.8

    CVSS31
    CVE-2024-7993

    A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-48918

    RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user i...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-47889

    Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted...

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-47888

    Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node` helper in Action Text. Caref...

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-47887

    Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For a...

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    CVSS31
    CVE-2024-46605

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field....

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 3.5

    CVSS31
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue....

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    CVSS31
    CVE-2024-47522

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic....

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    CVSS31
    CVE-2024-47188

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table ...

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    CVSS31
    CVE-2024-47187

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. T...

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    CVSS31
    CVE-2024-45797

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme ...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 5.3

    CVSS31
    CVE-2024-45796

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft...

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 7.5

    CVSS31
    CVE-2024-45795

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traff...

    Affected Products : suricata
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 6.1

    CVSS31
    CVE-2024-48744

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed-teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter....

    Affected Products : teachers_record_management_system
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-41128

    Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dis...

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-9143

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even ...

    Affected Products : openssl
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 0.0

    NONE
    CVE-2024-4692

    Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization confi...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 296 Results