Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-33958

    SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' param... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-34118

    Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or ... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 7.8

    HIGH
    CVE-2024-34133

    Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-34135

    Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this iss... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-33957

    SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parame... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-34136

    Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial ... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-34137

    Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-34138

    Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial ... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-42546

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Aug. 12, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-39228

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell inject... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-39227

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permi... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-39225

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code ... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 8.8

    HIGH
    CVE-2024-42744

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 12, 2024
    • Modified: Aug. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-7715

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 ... Read more

    • Published: Aug. 13, 2024
    • Modified: Aug. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-4187

    Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.... Read more

    Affected Products : filr
    • Published: Jul. 31, 2024
    • Modified: Aug. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-41955

    Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.... Read more

    Affected Products : mobile_security_framework
    • Published: Jul. 31, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-33960

    SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the foll... Read more

    Affected Products : credit_card debit_card_payment paypal
    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 7.1

    HIGH
    CVE-2024-33981

    Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '... Read more

    Affected Products : credit_card debit_card_payment paypal
    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 7.1

    HIGH
    CVE-2024-33980

    Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '... Read more

    Affected Products : credit_card debit_card_payment paypal
    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 7.1

    HIGH
    CVE-2024-33979

    Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'depar... Read more

    Affected Products : credit_card debit_card_payment paypal
    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024
Showing 20 of 290018 Results