Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-7700

    A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the...

    Affected Products : satellite foreman
    • Published: Aug. 12, 2024
    • Modified: Sep. 16, 2024
  • 4.3

    MEDIUM
    CVE-2024-44112

    Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data tab...

    Affected Products : oil_\%\/_gas
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024
  • 2.7

    LOW
    CVE-2024-41728

    Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise ...

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024
  • 2.7

    LOW
    CVE-2024-44114

    SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application....

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024
  • 9.9

    CRITICAL
    CVE-2024-37288

    A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en...

    Affected Products : kibana
    • Published: Sep. 09, 2024
    • Modified: Sep. 16, 2024
  • 6.1

    MEDIUM
    CVE-2024-8586

    WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to ...

    Affected Products : webitr
    • Published: Sep. 09, 2024
    • Modified: Sep. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-8568

    A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to l...

    Affected Products : mini-tmall tmall_demo
    • Published: Sep. 08, 2024
    • Modified: Sep. 16, 2024
  • 6.3

    MEDIUM
    CVE-2024-44798

    phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters....

    Affected Products : bus_pass_management_system
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 7.8

    HIGH
    CVE-2024-41857

    Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...

    Affected Products : macos windows illustrator
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-39385

    Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue r...

    Affected Products : macos premiere_pro windows
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 7.8

    HIGH
    CVE-2024-39384

    Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus...

    Affected Products : macos premiere_pro windows
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 7.8

    HIGH
    CVE-2024-38641

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability...

    Affected Products : quts_hero qts
    • Published: Sep. 06, 2024
    • Modified: Sep. 16, 2024
  • 7.8

    HIGH
    CVE-2024-38642

    An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerabilit...

    Affected Products : qumagie
    • Published: Sep. 06, 2024
    • Modified: Sep. 16, 2024
  • 7.0

    HIGH
    CVE-2024-38640

    A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following vers...

    Affected Products : download_station
    • Published: Sep. 06, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-44996

    In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls. After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursion co...

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-34134

    Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this iss...

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-41873

    Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i...

    Affected Products : macos media_encoder windows
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-41872

    Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i...

    Affected Products : macos media_encoder windows
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-41870

    Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i...

    Affected Products : macos media_encoder windows
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
  • 7.8

    HIGH
    CVE-2024-39377

    Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...

    Affected Products : macos media_encoder windows
    • Published: Sep. 13, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 292735 Results