Latest CVE Feed
-
8.2
HIGH CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS...
Affected Products: otrs
- Published: Aug. 26, 2024
- Modified: Aug. 26, 2024
-
4.8
MEDIUM CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...
Affected Products: common_licensing
- Published: Aug. 13, 2024
- Modified: Aug. 24, 2024
-
9.8
CRITICAL CVE-2024-7934
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injec...
Affected Products: project_expense_monitoring_system
- Published: Aug. 19, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-7933
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been classified as critical. Affected is an unknown function of the file login1.php of the component Backend Login. The manipulation of the argument user leads to sql ...
Affected Products: project_expense_monitoring_system
- Published: Aug. 19, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-7935
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file print.php. The manipulation of the argument map_id leads to sql injection. The...
Affected Products: project_expense_monitoring_system
- Published: Aug. 19, 2024
- Modified: Aug. 23, 2024
-
6.1
MEDIUM CVE-2024-42852
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component....
Affected Products:
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
7.5
HIGH CVE-2023-50314
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain se...
Affected Products: websphere_application_server
- Published: Aug. 14, 2024
- Modified: Aug. 23, 2024
-
6.5
MEDIUM CVE-2024-35152
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639....
Affected Products: db2
- Published: Aug. 14, 2024
- Modified: Aug. 23, 2024
-
6.5
MEDIUM CVE-2024-37529
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295....
Affected Products: db2
- Published: Aug. 14, 2024
- Modified: Aug. 23, 2024
-
6.8
MEDIUM CVE-2024-24580
Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access....
- Published: Aug. 14, 2024
- Modified: Aug. 23, 2024
-
4.8
MEDIUM CVE-2024-7428
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse. This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2....
Affected Products:
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
4.8
MEDIUM CVE-2024-7427
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS). This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05,...
Affected Products:
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
6.1
MEDIUM CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specia...
Affected Products:
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-7954
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request....
Affected Products: spip
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
8.8
HIGH CVE-2024-41976
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8...
Affected Products: scalance_m804pb_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m826-2_shdsl-router_firmware scalance_m804pb scalance_m874-2 +42 more products
- Published: Aug. 13, 2024
- Modified: Aug. 23, 2024
-
8.0
HIGH CVE-2024-41977
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8...
Affected Products: scalance_m804pb_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m826-2_shdsl-router_firmware scalance_m804pb scalance_m874-2 +42 more products
- Published: Aug. 13, 2024
- Modified: Aug. 23, 2024
-
7.5
HIGH CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs....
Affected Products: axios
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
8.0
HIGH CVE-2024-42915
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and com...
Affected Products:
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
7.1
HIGH CVE-2024-41978
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8...
Affected Products: scalance_m804pb_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m826-2_shdsl-router_firmware scalance_m804pb scalance_m874-2 +42 more products
- Published: Aug. 13, 2024
- Modified: Aug. 23, 2024
-
4.3
MEDIUM CVE-2024-43032
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request....
Affected Products:
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024