Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2024-45607

    whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone us... Read more

    Affected Products : whatsapp-api-js
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-8533

    A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.... Read more

    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 9.1

    CRITICAL
    CVE-2024-7960

    The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functi... Read more

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7961

    A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.... Read more

    Affected Products : pavilion8
    • Published: Sep. 12, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8782

    A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. ... Read more

    Affected Products : jfinalcms
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 8.2

    HIGH
    CVE-2024-5754

    BT: Encryption procedure host vulnerability... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 6.8

    MEDIUM
    CVE-2024-6258

    BT: Missing length checks of net_buf in rfcomm_handle_data... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-8783

    A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads ... Read more

    Affected Products : myaac
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 8.8

    HIGH
    CVE-2024-8784

    A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] wit... Read more

    Affected Products : smart_school
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-44430

    SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface... Read more

    Affected Products : best_free_law_office_management
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-5931

    BT: Unchecked user input in bap_broadcast_assistant... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-6135

    BT:Classic: Multiple missing buf length checks... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-6259

    BT: HCI: adv_ext_report Improper discarding in adv_ext_report... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.6

    HIGH
    CVE-2024-6137

    BT: Classic: SDP OOB access in get_att_search_list... Read more

    Affected Products : zephyr
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 7.4

    HIGH
    CVE-2021-38133

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2021-38132

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 6.1

    MEDIUM
    CVE-2021-38131

    Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-8750

    Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,t... Read more

    Affected Products : i-doit
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 9.3

    CRITICAL
    CVE-2024-34334

    ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.... Read more

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-34335

    ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.... Read more

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
Showing 20 of 290985 Results