Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-8778

    OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-8777

    OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-38315

    IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : aspera_shares
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.8

    HIGH
    CVE-2024-39613

    Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that ... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 5.3

    MEDIUM
    CVE-2024-1578

    The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being ... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-46970

    In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible... Read more

    Affected Products : intellij_idea
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.0

    MEDIUM
    CVE-2024-4465

    An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific appl... Read more

    Affected Products : cmc guardian
    • Published: Sep. 11, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-41958

    mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthoriz... Read more

    Affected Products : mailcow\
    • Published: Aug. 05, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-23657

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of Orig... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 20, 2024

  • 7.3

    HIGH
    CVE-2024-45801

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possibl... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 5.0

    MEDIUM
    CVE-2024-45800

    Snappymail is an open source web-based email client. SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (inv... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-34016

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2023-45854

    A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-45415

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-8110

    Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may resta... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 9.9

    CRITICAL
    CVE-2024-8767

    Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 8.1

    HIGH
    CVE-2024-45416

    The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using ... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 8.1

    HIGH
    CVE-2024-45413

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its l... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-45414

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded cipher... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-42503

    Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.... Read more

    Affected Products : arubaos
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 291000 Results