Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-44056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS. This issue affects Mantra: from n/a through 3.3.2.

    Affected Products : mantra
    • Published: Sep. 15, 2024
    • Modified: Sep. 23, 2024
  • 7.8

    HIGH
    CVE-2024-34153

    Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 6.5

    MEDIUM
    CVE-2024-44057

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS. This issue affects Nirvana: from n/a through 1.6.3.

    Affected Products : nirvana
    • Published: Sep. 15, 2024
    • Modified: Sep. 23, 2024
  • 6.5

    MEDIUM
    CVE-2024-44058

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS. This issue affects Parabola: from n/a through 2.4.1.

    Affected Products : parabola
    • Published: Sep. 15, 2024
    • Modified: Sep. 23, 2024
  • 6.5

    MEDIUM
    CVE-2024-44054

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8.

    Affected Products : fluida
    • Published: Sep. 15, 2024
    • Modified: Sep. 23, 2024
  • 7.8

    HIGH
    CVE-2024-34543

    Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 5.7

    MEDIUM
    CVE-2024-36261

    Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 5.7

    MEDIUM
    CVE-2024-36247

    Improper access control in Intel(R) RAID Web Console for all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 5.7

    MEDIUM
    CVE-2024-34545

    Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access.

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 6.5

    MEDIUM
    CVE-2024-42483

    ESP-NOW Component provides a connectionless Wi-Fi communication protocol. A replay attack vulnerability was discovered in the implementation of ESP-NOW because the cache is not differentiated by message type; it is a single, shared resource for al...

    Affected Products : esp-now
    • Published: Sep. 12, 2024
    • Modified: Sep. 23, 2024
  • 7.8

    HIGH
    CVE-2024-27320

    An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted ...

    Affected Products : autolabel
    • Published: Sep. 12, 2024
    • Modified: Sep. 23, 2024
  • 6.5

    MEDIUM
    CVE-2024-45833

    Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the...

    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 9.2

    CRITICAL
    CVE-2024-7609

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8.

    Affected Products : voc_tester
    • Published: Sep. 11, 2024
    • Modified: Sep. 23, 2024
  • 9.8

    CRITICAL
    CVE-2024-7015

    Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2.

    Affected Products : passbox
    • Published: Sep. 09, 2024
    • Modified: Sep. 23, 2024
  • 7.5

    HIGH
    CVE-2024-37068

    IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

    Affected Products : maximo_application_suite
    • Published: Sep. 07, 2024
    • Modified: Sep. 21, 2024
  • 6.5

    MEDIUM
    CVE-2024-35136

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

    Affected Products : db2
    • Published: Aug. 14, 2024
    • Modified: Sep. 21, 2024
  • 8.2

    HIGH
    CVE-2024-35133

    IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could ex...

    • Published: Aug. 29, 2024
    • Modified: Sep. 21, 2024
  • 6.5

    MEDIUM
    CVE-2024-31882

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.

    Affected Products : db2
    • Published: Aug. 14, 2024
    • Modified: Sep. 21, 2024
  • 7.5

    HIGH
    CVE-2024-28799

    IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the ...

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Aug. 14, 2024
    • Modified: Sep. 21, 2024
  • 7.5

    HIGH
    CVE-2023-47728

    IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This informa...

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Aug. 16, 2024
    • Modified: Sep. 21, 2024
Showing 20 of 291012 Results