Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-6920

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS. This issue affects NACPremium: through 01082024....

    Affected Products : nacpremium
    • Published: Sep. 02, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-6919

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024....

    Affected Products : nacpremium
    • Published: Sep. 02, 2024
    • Modified: Sep. 17, 2024
  • 7.2

    HIGH
    CVE-2024-38878

    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corres...

    Affected Products : omnivise_t3000_application_server
    • Published: Aug. 02, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-7314

    anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server....

    Affected Products : report
    • Published: Aug. 02, 2024
    • Modified: Sep. 17, 2024
  • 5.9

    MEDIUM
    CVE-2024-39626

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS. This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7....

    Affected Products : pretty_simple_popup_builder
    • Published: Aug. 01, 2024
    • Modified: Sep. 17, 2024
  • 8.5

    HIGH
    CVE-2024-38876

    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), O...

    • Published: Aug. 02, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-46451

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter....

    Affected Products : t8_firmware t8
    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024
  • 7.5

    HIGH
    CVE-2024-46424

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter....

    Affected Products : t8_firmware t8
    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-46419

    TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter....

    Affected Products : t8_firmware t8
    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024
  • 8.3

    HIGH
    CVE-2024-1621

    The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or simil...

    • Published: Sep. 02, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    HIGH
    CVE-2024-38811

    VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion appl...

    Affected Products : fusion
    • Published: Sep. 03, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-7029

    Commands can be injected over the network and executed without authentication....

    Affected Products : avm1203_firmware avm1203
    • Published: Aug. 02, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    HIGH
    CVE-2024-5290

    An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev g...

    Affected Products : ubuntu_linux wpa_supplicant
    • Published: Aug. 07, 2024
    • Modified: Sep. 17, 2024
  • 6.5

    MEDIUM
    CVE-2024-42482

    fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the `pattern` input (specifically the command separator `;` and command substitution characters `(` and `)`) mean that arbitrary comma...

    Affected Products : syntax-check
    • Published: Aug. 12, 2024
    • Modified: Sep. 17, 2024
  • 7.8

    HIGH
    CVE-2024-0107

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalati...

    • Published: Aug. 08, 2024
    • Modified: Sep. 17, 2024
  • 7.1

    HIGH
    CVE-2024-42033

    Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality....

    Affected Products : emui harmonyos
    • Published: Aug. 08, 2024
    • Modified: Sep. 17, 2024
  • 7.8

    HIGH
    CVE-2024-44945

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END....

    Affected Products : linux_kernel
    • Published: Aug. 31, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    HIGH
    CVE-2024-8779

    OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining...

    Affected Products : omflow
    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024
  • 8.8

    HIGH
    • Actively Exploited
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2024-8868

    A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be init...

    Affected Products : crud_operation_system
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024
Showing 20 of 292870 Results