Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-45880

    A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC addr... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 8.2

    HIGH
    CVE-2024-46539

    Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-8884

    CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 5.1

    MEDIUM
    CVE-2024-46886

    The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user ... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-34672

    Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 5.3

    MEDIUM
    CVE-2024-9622

    A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transitio... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 5.1

    MEDIUM
    CVE-2024-47095

    Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 6.1

    MEDIUM
    CVE-2024-9207

    The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated att... Read more

    Affected Products : buddypress_docs
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-41798

    A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass th... Read more

    Affected Products : sentron_pac3200_firmware
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 7.5

    HIGH
    CVE-2024-25885

    An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 6.7

    MEDIUM
    CVE-2024-38818

    VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.4

    MEDIUM
    CVE-2024-47816

    ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the centr... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-47832

    ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits... Read more

    Affected Products : ssoready
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 2.9

    LOW
    CVE-2024-47813

    Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type regis... Read more

    Affected Products : wasmtime
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 6.7

    MEDIUM
    CVE-2024-38817

    VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-38815

    VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.... Read more

    Affected Products : cloud_foundation cloud_foundation
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.7

    HIGH
    CVE-2024-39525

    An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and re... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.7

    HIGH
    CVE-2024-39515

    An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause r... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 9.1

    CRITICAL
    CVE-2024-45160

    Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 8.4

    HIGH
    CVE-2023-37154

    check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 294533 Results