Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-47130

    The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols.... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-47129

    The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-47128

    The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-47127

    In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being u... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-47126

    The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This on... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 8.1

    HIGH
    CVE-2024-47125

    The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols.... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-47124

    The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption fo... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-47122

    In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadc... Read more

    Affected Products : gotenna_pro
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-43814

    The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 7.3

    HIGH
    CVE-2024-43362

    Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-9818

    A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9817

    A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 8.2

    HIGH
    CVE-2024-43364

    Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.p... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-9925

    SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘Reque... Read more

    Affected Products : qplant_sf
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9981

    The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code... Read more

    Affected Products : ee-class
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9980

    The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.... Read more

    Affected Products : ee-class
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.2

    HIGH
    CVE-2024-43363

    Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need ... Read more

    Affected Products : cacti
    • Published: Oct. 07, 2024
    • Modified: Oct. 17, 2024

  • 2.4

    LOW
    CVE-2024-48909

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their re... Read more

    Affected Products : spicedb
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.6

    HIGH
    CVE-2024-46898

    SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.... Read more

    Affected Products : shirasagi
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-43541

    Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 291526 Results