Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-50883

    ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an inco... Read more

    Affected Products : document_server
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-44902

    A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.... Read more

    Affected Products : thinkphp
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-6587

    A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request... Read more

    Affected Products : litellm
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 10.0

    CRITICAL
    CVE-2024-6795

    In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.  An attacker could have submitted a crafted payload to... Read more

    Affected Products : connex_health_portal
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-6796

    In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.... Read more

    Affected Products : connex_health_portal
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7104

    Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.... Read more

    Affected Products : winsure
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-8780

    OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-46959

    runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream.... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-45523

    An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource le... Read more

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-8778

    OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.5

    HIGH
    CVE-2024-8777

    OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials.... Read more

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.5

    MEDIUM
    CVE-2024-38315

    IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : aspera_shares
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 7.8

    HIGH
    CVE-2024-39613

    Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that ... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 5.3

    MEDIUM
    CVE-2024-1578

    The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being ... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-46970

    In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible... Read more

    Affected Products : intellij_idea
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 6.0

    MEDIUM
    CVE-2024-4465

    An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific appl... Read more

    Affected Products : cmc guardian
    • Published: Sep. 11, 2024
    • Modified: Sep. 20, 2024

  • 7.2

    HIGH
    CVE-2024-41958

    mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthoriz... Read more

    Affected Products : mailcow\
    • Published: Aug. 05, 2024
    • Modified: Sep. 20, 2024

  • 8.8

    HIGH
    CVE-2024-23657

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of Orig... Read more

    Affected Products : nuxt
    • Published: Aug. 05, 2024
    • Modified: Sep. 20, 2024

  • 7.3

    HIGH
    CVE-2024-45801

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possibl... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 8.1

    HIGH
    CVE-2024-45413

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its l... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 291128 Results