Latest CVE Feed
- 8.7 HIGH CVE-2020-11846
  A vulnerability found in OpenText Privileged Access Manager that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3...
  Affected Products: netiq_privileged_access_manager
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.3 HIGH CVE-2020-11850
  Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6...
  Affected Products: netiq_self_service_password_reset
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.5 HIGH CVE-2024-6329
  An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the pat...
  Affected Products: gitlab
  - Published: Aug. 08, 2024
  - Modified: Aug. 23, 2024
- 5.4 MEDIUM CVE-2024-4784
  An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy....
  Affected Products: gitlab
  - Published: Aug. 08, 2024
  - Modified: Aug. 23, 2024
- 7.5 HIGH CVE-2024-28972
  Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure....
  Affected Products: insightiq
  - Published: Aug. 01, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2024-37008
  A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2023-22576
  Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on th...
  Affected Products: repository_manager
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 6.5 MEDIUM CVE-2024-4210
  A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc...
  Affected Products: gitlab
  - Published: Aug. 08, 2024
  - Modified: Aug. 23, 2024
- 8.0 HIGH CVE-2024-7448
  Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this ...
  Affected Products: axiom
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2024-6141
  Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on ...
  Affected Products: windscribe
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2024-5930
  VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the abil...
  Affected Products: advanced_security
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2024-5929
  VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain...
  Affected Products: advanced_security
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2024-5928
  VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to ex...
  Affected Products: advanced_security
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 8.1 HIGH CVE-2024-5762
  Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability...
  Affected Products: zen_cart
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 8.8 HIGH CVE-2024-7327
  A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to SQL injection. The att...
  - Published: Jul. 31, 2024
  - Modified: Aug. 23, 2024
- 8.8 HIGH CVE-2024-7795
  Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharg...
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 7.8 HIGH CVE-2024-7604
  Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exp...
  Affected Products: unified_secops_platform
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 8.1 HIGH CVE-2024-7603
  Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is requ...
  Affected Products: unified_secops_platform
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 6.5 MEDIUM CVE-2024-7602
  Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required...
  Affected Products: unified_secops_platform
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024
- 8.1 HIGH CVE-2024-7601
  Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentica...
  Affected Products: unified_secops_platform
  - Published: Aug. 21, 2024
  - Modified: Aug. 23, 2024