Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-7835

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS.This issue affects Ferry Reservation System: before 240805-002.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-45489

    Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This ins... Read more

    Affected Products :
    • Published: Sep. 20, 2024
    • Modified: Sep. 26, 2024

  • 8.8

    HIGH
    CVE-2024-47210

    Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.... Read more

    Affected Products :
    • Published: Sep. 21, 2024
    • Modified: Sep. 26, 2024

  • 6.5

    MEDIUM
    CVE-2024-44048

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion.This issue affects Product Carousel Slider & Grid Ultimate for Wo... Read more

    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 7.6

    HIGH
    CVE-2024-41228

    A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-42697

    Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function.... Read more

    Affected Products :
    • Published: Sep. 20, 2024
    • Modified: Sep. 26, 2024

  • 9.3

    CRITICAL
    CVE-2024-7735

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection.This issue affects Ferry Reservation System: before 240805-002.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-34331

    A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.... Read more

    Affected Products : parallels_desktop
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 6.6

    MEDIUM
    CVE-2024-44540

    Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2023-46948

    A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.... Read more

    Affected Products : t24
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 6.6

    MEDIUM
    CVE-2024-39342

    Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys ar... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-20496

    A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a ... Read more

    Affected Products : sd-wan_vedge_router
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-42506

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitati... Read more

    Affected Products : arubaos
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 9.3

    CRITICAL
    CVE-2024-4657

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS.This issue affects BAP Automation: before 30840.... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 7.1

    HIGH
    CVE-2024-43959

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themepoints Testimonials allows Reflected XSS.This issue affects Testimonials: from n/a through 3.0.8.... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 7.5

    HIGH
    CVE-2024-8175

    An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.... Read more

    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 5.5

    MEDIUM
    CVE-2024-9169

    The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products : litespeed_cache
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 8.7

    HIGH
    CVE-2024-8497

    Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.... Read more

    Affected Products : ts-550_evo_firmware
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-42505

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitati... Read more

    Affected Products : arubaos
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 8.0

    HIGH
    CVE-2024-46461

    VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of... Read more

    Affected Products : vlc_media_player
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 293559 Results