Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-45854

    Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 7.5

    HIGH
    CVE-2024-45853

    Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45852

    Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 5.5

    MEDIUM
    CVE-2024-34127

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of...

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45851

    An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be...

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45850

    An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be...

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45849

    An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be...

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45848

    An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database...

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45847

    An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a datab...

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.8

    HIGH
    CVE-2024-45846

    An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a d...

    Affected Products : mindsdb
    • Published: Sep. 12, 2024
    • Modified: Sep. 16, 2024
  • 8.9

    HIGH
    CVE-2024-28100

    eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This ca...

    Affected Products : elabftw
    • Published: Sep. 02, 2024
    • Modified: Sep. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-39747

    IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.

    • Published: Aug. 31, 2024
    • Modified: Sep. 16, 2024
  • 7.5

    HIGH
    CVE-2024-42481

    Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport's lack of rate limiting on createFolder. createFile), skyportd in a lot of cases will cause 100% CPU usage and an OOM, probably cras...

    Affected Products : skyportd
    • Published: Aug. 12, 2024
    • Modified: Sep. 16, 2024
  • 7.8

    HIGH
    CVE-2024-8374

    UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which ar...

    Affected Products : ultimaker_cura
    • Published: Sep. 03, 2024
    • Modified: Sep. 16, 2024
  • 6.4

    MEDIUM
    CVE-2024-43793

    Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and ...

    Affected Products : halo
    • Published: Sep. 11, 2024
    • Modified: Sep. 16, 2024
  • 6.3

    MEDIUM
    CVE-2024-43792

    Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and ...

    Affected Products : halo
    • Published: Sep. 02, 2024
    • Modified: Sep. 16, 2024
  • 8.2

    HIGH
    CVE-2024-42374

    BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS render...

    • Published: Aug. 13, 2024
    • Modified: Sep. 16, 2024
  • 9.1

    CRITICAL
    CVE-2024-33003

    Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On succ...

    Affected Products : commerce_cloud
    • Published: Aug. 13, 2024
    • Modified: Sep. 16, 2024
  • 5.8

    MEDIUM
    CVE-2024-7705

    A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argumen...

    Affected Products : mwcms
    • Published: Aug. 12, 2024
    • Modified: Sep. 16, 2024
  • 6.7

    MEDIUM
    CVE-2024-39574

    Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

    Affected Products : insightiq
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 292762 Results