Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-11175

    A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may... Read more

    Affected Products : publiccms
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 8.5

    HIGH
    CVE-2024-29119

    A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges.... Read more

    Affected Products : spectrum_power_7
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11124

    A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can b... Read more

    Affected Products : ui-o-matic
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2021-27703

    Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.3

    HIGH
    CVE-2021-27702

    Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-50143

    In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After... Read more

    Affected Products : linux_kernel
    • Published: Nov. 07, 2024
    • Modified: Nov. 15, 2024

  • 6.8

    MEDIUM
    CVE-2021-37577

    Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pai... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Nov. 15, 2024

  • 9.1

    CRITICAL
    CVE-2024-44760

    Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.... Read more

    Affected Products : enterprise_management_system
    • Published: Aug. 28, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-50145

    In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to... Read more

    Affected Products : linux_kernel
    • Published: Nov. 07, 2024
    • Modified: Nov. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-40579

    Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-21949

    Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.... Read more

    Affected Products : ryzen_ai_software
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-21974

    Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.... Read more

    Affected Products : ryzen_ai_software
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-21975

    Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.... Read more

    Affected Products : ryzen_ai_software
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11065

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11064

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11063

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11062

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47178

    basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.... Read more

    Affected Products : basic-auth-connect
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-47530

    Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sa... Read more

    Affected Products : scout
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 4.6

    MEDIUM
    CVE-2024-47531

    Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data ... Read more

    Affected Products : scout
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024
Showing 20 of 293600 Results