Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.5 HIGH  CVE-2024-45395
    sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the ...
    Affected Products: sigstore-go
    • Published: Sep. 04, 2024
    • Modified: Sep. 24, 2024

  • 4.3 MEDIUM  CVE-2024-6685
    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members. ...
    Affected Products: gitlab
    • Published: Sep. 16, 2024
    • Modified: Sep. 24, 2024

  • 6.1 MEDIUM  CVE-2024-45399
    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability durin...
    Affected Products: indico
    • Published: Sep. 04, 2024
    • Modified: Sep. 24, 2024

  • 6.7 MEDIUM  CVE-2022-27592
    An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have alread...
    Affected Products: qvr_smart_client
    • Published: Sep. 06, 2024
    • Modified: Sep. 24, 2024

  • 9.8 CRITICAL  CVE-2024-43978
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. ...
    Affected Products: super_store_finder
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.2 HIGH  CVE-2023-39300
    An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: Q...
    Affected Products: quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 24, 2024

  • 9.8 CRITICAL  CVE-2024-43976
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. ...
    Affected Products: super_store_finder
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 8.8 HIGH  CVE-2024-9001
    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. Th...
    Affected Products: t10_firmware t10
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 5.5 MEDIUM  CVE-2024-46793
    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder. Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like ...
    Affected Products: linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 24, 2024

  • 7.5 HIGH  CVE-2024-8287
    Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before th...
    Affected Products: anbox_cloud
    • Published: Sep. 18, 2024
    • Modified: Sep. 24, 2024

  • 8.3 HIGH  CVE-2022-25776
    Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. ...
    Affected Products: mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 24, 2024

  • 8.1 HIGH  CVE-2024-8947
    A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The com...
    Affected Products: micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.5 HIGH  CVE-2024-8946
    A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible...
    Affected Products: micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024

  • 7.8 HIGH  CVE-2024-38016
    Microsoft Office Visio Remote Code Execution Vulnerability ...
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 4.3 MEDIUM  CVE-2024-45619
    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled ...
    Affected Products: enterprise_linux opensc
    • Published: Sep. 03, 2024
    • Modified: Sep. 23, 2024

  • 7.2 HIGH  CVE-2022-25775
    Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manip...
    Affected Products: mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 23, 2024

  • 5.4 MEDIUM  CVE-2022-25774
    Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. ...
    Affected Products: mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 23, 2024

  • 4.8 MEDIUM  CVE-2024-8660
    Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be e...
    Affected Products: concrete_cms concrete5
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024

  • 5.3 MEDIUM  CVE-2024-45612
    Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrad...
    Affected Products: contao
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024

  • 6.1 MEDIUM  CVE-2024-8951
    A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripti...
    • Published: Sep. 17, 2024
    • Modified: Sep. 23, 2024
Showing 20 of 291012 Results