Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-8279

    A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.... Read more

    Affected Products :
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 8.8

    HIGH
    CVE-2024-43099

    The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this s... Read more

    Affected Products :
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 6.7

    MEDIUM
    CVE-2024-4550

    A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.... Read more

    Affected Products :
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 7.2

    HIGH
    CVE-2024-8278

    A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.... Read more

    Affected Products :
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 7.2

    HIGH
    CVE-2024-8280

    An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.... Read more

    Affected Products :
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 7.5

    HIGH
    CVE-2024-7928

    A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The a... Read more

    Affected Products : fastadmin
    • Published: Aug. 19, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-43931

    Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 8.8

    HIGH
    CVE-2023-34974

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the... Read more

    Affected Products : quts_hero qts qes qutscloud qvr
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024

  • 9.3

    CRITICAL
    CVE-2024-42037

    Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 08, 2024
    • Modified: Sep. 13, 2024

  • 8.2

    HIGH
    CVE-2024-32762

    A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center... Read more

    Affected Products : qulog_center
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024

  • 7.5

    HIGH
    CVE-2024-42036

    Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 08, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-43132

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / ... Read more

    Affected Products : docket
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 4.8

    MEDIUM
    CVE-2024-27125

    A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following ver... Read more

    Affected Products : helpdesk
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024

  • 7.6

    HIGH
    CVE-2024-39658

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.... Read more

    Affected Products : salon_booking_system
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-39653

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.... Read more

    Affected Products : vikrentcar
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 8.8

    HIGH
    CVE-2024-39638

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.... Read more

    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 8.8

    HIGH
    CVE-2024-38793

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.... Read more

    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 8.8

    HIGH
    CVE-2024-38486

    Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potent... Read more

    Affected Products : smartfabric_os10
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024

  • 7.6

    HIGH
    CVE-2024-38693

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.... Read more

    Affected Products : wp_user_frontend
    • Published: Aug. 29, 2024
    • Modified: Sep. 13, 2024

  • 9.2

    CRITICAL
    CVE-2024-1744

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.... Read more

    Affected Products : accord_ors
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024
Showing 20 of 292761 Results