Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-7579

    A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation ... Read more

    Affected Products : alr-f800_firmware alr-f800
    • Published: Aug. 07, 2024
    • Modified: Aug. 28, 2024

  • 7.8

    HIGH
    CVE-2024-7061

    Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.... Read more

    Affected Products : verify
    • Published: Aug. 07, 2024
    • Modified: Aug. 28, 2024

  • 7.3

    HIGH
    CVE-2024-6361

    Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.... Read more

    Affected Products : alm_octane
    • Published: Aug. 05, 2024
    • Modified: Aug. 28, 2024

  • 5.5

    MEDIUM
    CVE-2024-43915

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102.... Read more

    • Published: Aug. 26, 2024
    • Modified: Aug. 28, 2024

  • 8.0

    HIGH
    CVE-2024-42845

    An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.... Read more

    Affected Products :
    • Published: Aug. 23, 2024
    • Modified: Aug. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-34087

    An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.... Read more

    Affected Products :
    • Published: Aug. 26, 2024
    • Modified: Aug. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-7940

    The product exposes a service that is intended for local only to all network interfaces without any authentication.... Read more

    Affected Products : microscada_x_sys600
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 8.8

    HIGH
    CVE-2024-41657

    Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the... Read more

    Affected Products : casdoor
    • Published: Aug. 20, 2024
    • Modified: Aug. 28, 2024

  • 6.1

    MEDIUM
    CVE-2024-41658

    Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through ca... Read more

    Affected Products : casdoor
    • Published: Aug. 20, 2024
    • Modified: Aug. 28, 2024

  • 8.0

    HIGH
    CVE-2022-39997

    A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges... Read more

    Affected Products : rs123_firmware rs123w_firmware
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-42361

    Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for... Read more

    Affected Products : hertzbeat
    • Published: Aug. 20, 2024
    • Modified: Aug. 28, 2024

  • 8.8

    HIGH
    CVE-2024-42362

    Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.... Read more

    Affected Products : hertzbeat
    • Published: Aug. 20, 2024
    • Modified: Aug. 28, 2024

  • 6.4

    MEDIUM
    CVE-2024-45037

    The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS accou... Read more

    Affected Products :
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 5.9

    MEDIUM
    CVE-2024-5288

    An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connectio... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 5.1

    MEDIUM
    CVE-2024-5814

    A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server h... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 4.1

    MEDIUM
    CVE-2024-1544

    Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by d... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 7.5

    HIGH
    CVE-2024-45038

    Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware is subject to a denial of serivce vulnerability in MQTT ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 7.5

    HIGH
    CVE-2024-45049

    Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by app... Read more

    Affected Products :
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 5.3

    MEDIUM
    CVE-2024-7573

    The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for... Read more

    Affected Products :
    • Published: Aug. 28, 2024
    • Modified: Aug. 28, 2024

  • 5.9

    MEDIUM
    CVE-2024-7608

    An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.... Read more

    Affected Products :
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024
Showing 20 of 290162 Results