Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-6452

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed repo... Read more

    Affected Products : web_security
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 7.5

    HIGH
    CVE-2024-7986

    A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a ... Read more

    Affected Products : thinmanager_thinserver
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 8.2

    HIGH
    CVE-2024-37311

    Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. ... Read more

    Affected Products : online richdocumentscode
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 5.0

    MEDIUM
    CVE-2024-43787

    Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a res... Read more

    Affected Products : hono
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 0.0

    NA
    CVE-2024-43883

    In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not ha... Read more

    Affected Products : linux_kernel
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-32939

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visi... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 4.9

    MEDIUM
    CVE-2024-39810

    Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, su... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 6.5

    MEDIUM
    CVE-2024-39836

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-42782

    A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-42781

    A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 6.5

    MEDIUM
    CVE-2024-7330

    A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery.... Read more

    Affected Products : youdiancms
    • Published: Aug. 01, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-42780

    An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-40886

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Managem... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-42777

    An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-42779

    An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 5.3

    MEDIUM
    CVE-2024-42411

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-43813

    Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 6.0

    MEDIUM
    CVE-2023-50810

    In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the retu... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024

  • 7.2

    HIGH
    CVE-2024-8071

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update thei... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 6.5

    MEDIUM
    CVE-2024-35151

    IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.... Read more

    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024
Showing 20 of 291395 Results