Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-8776

    SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.... Read more

    Affected Products : smartrobot_firmware smartrobot
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.4

    CRITICAL
    CVE-2024-8963

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.... Read more

    • Actively Exploited
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-45590

    body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in d... Read more

    Affected Products : body-parser
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 4.3

    MEDIUM
    CVE-2024-45323

    An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organiz... Read more

    Affected Products : fortiedrmanager
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-45407

    Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing... Read more

    Affected Products : sunshine
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 5.0

    MEDIUM
    CVE-2024-43796

    Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.... Read more

    Affected Products : express express
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46690

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfs... Read more

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-46689

    In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-8862

    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query l... Read more

    Affected Products : h2o
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-8863

    A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site... Read more

    Affected Products : aim
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024

  • 6.9

    MEDIUM
    CVE-2024-8866

    A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remot... Read more

    Affected Products : autocms
    • Published: Sep. 15, 2024
    • Modified: Sep. 20, 2024

  • 6.1

    MEDIUM
    CVE-2023-50883

    ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an inco... Read more

    Affected Products : document_server
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-44902

    A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.... Read more

    Affected Products : thinkphp
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-6587

    A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request... Read more

    Affected Products : litellm
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 10.0

    CRITICAL
    CVE-2024-6795

    In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.  An attacker could have submitted a crafted payload to... Read more

    Affected Products : connex_health_portal
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-6796

    In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.... Read more

    Affected Products : connex_health_portal
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7104

    Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.... Read more

    Affected Products : winsure
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-8780

    OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-46959

    runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-45523

    An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource le... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 291000 Results