Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2024-8367

    A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/No... Read more

    Affected Products :
    • Published: Sep. 01, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-23358

    Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 7.1

    HIGH
    CVE-2024-23362

    Cryptographic issue while parsing RSA keys in COBR format.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 7.5

    HIGH
    CVE-2024-23364

    Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 2.5

    LOW
    CVE-2024-45305

    gix-path is a crate of the gitoxide project dealing with git paths and their conversions. `gix-path` executes `git` to find the path of a configuration file that belongs to the `git` installation itself, but mistakenly treats the local repository's config... Read more

    Affected Products :
    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 8.2

    HIGH
    CVE-2024-23359

    Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 6.5

    MEDIUM
    CVE-2024-45308

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be acces... Read more

    Affected Products : hedgedoc
    • Published: Sep. 02, 2024
    • Modified: Sep. 03, 2024

  • 6.6

    MEDIUM
    CVE-2024-25562

    Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 3.3

    LOW
    CVE-2024-24973

    Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 7.8

    HIGH
    CVE-2024-23495

    Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 7.3

    HIGH
    CVE-2024-23491

    Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 31, 2024

  • 7.5

    HIGH
    CVE-2024-7651

    The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user suppli... Read more

    Affected Products : app_builder
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-7032

    The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenti... Read more

    Affected Products : smart_online_order_for_clover
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-7030

    The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attacker... Read more

    Affected Products : smart_online_order_for_clover
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 5.4

    MEDIUM
    CVE-2024-42939

    A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field.... Read more

    Affected Products : yzncms
    • Published: Aug. 21, 2024
    • Modified: Aug. 31, 2024

  • 6.5

    MEDIUM
    CVE-2024-42337

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-42338

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 8.3

    HIGH
    CVE-2024-42340

    CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 4.3

    MEDIUM
    CVE-2024-42339

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products : identity
    • Published: Aug. 25, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-45488

    One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.... Read more

    Affected Products :
    • Published: Aug. 30, 2024
    • Modified: Aug. 30, 2024
Showing 20 of 290171 Results