Latest CVE Feed
- CVE-2024-42381 (8.3 HIGH)
  os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-s...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-41253 (7.1 HIGH)
  goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component....
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-41951 (4.4 MEDIUM)
  Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages is visible in code. The problem was patched in 0.2.4....
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-39694 (4.7 MEDIUM)
  Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a URL is returned as ...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-39318 (5.4 MEDIUM)
  The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authentica...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-41950 (7.5 HIGH)
  Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2022-4001 (7.3 HIGH)
  An authentication bypass vulnerability could allow an attacker to access API functions without authentication....
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-41660 (9.8 CRITICAL)
  slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory ove...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-7324 (8.5 HIGH)
  A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontro...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Aug. 01, 2024
- CVE-2024-7205 (9.4 CRITICAL)
  When the device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user via sharing unnecessary device-sensitive information....
  - Affected Products: ewelink
  - Published: Jul. 31, 2024
  - Modified: Jul. 31, 2024
- CVE-2024-6770 (7.2 HIGH)
  The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it ...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Jul. 31, 2024
- CVE-2024-7135 (6.5 MEDIUM)
  The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it...
  - Affected Products: tainacan
  - Published: Jul. 31, 2024
  - Modified: Jul. 31, 2024
- CVE-2024-2508 (5.3 MEDIUM)
  The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated atta...
  - Affected Products:
  - Published: Jul. 31, 2024
  - Modified: Jul. 31, 2024