Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-5928

    VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to ex... Read more

    Affected Products : advanced_security
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.1

    HIGH
    CVE-2024-5762

    Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability... Read more

    Affected Products : zen_cart
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-7327

    A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The att... Read more

    Affected Products : xinhu rockoa
    • Published: Jul. 31, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-7795

    Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharg... Read more

    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 7.8

    HIGH
    CVE-2024-7604

    Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exp... Read more

    Affected Products : unified_secops_platform
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.1

    HIGH
    CVE-2024-7603

    Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is requ... Read more

    Affected Products : unified_secops_platform
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 6.5

    MEDIUM
    CVE-2024-7602

    Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required... Read more

    Affected Products : unified_secops_platform
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.1

    HIGH
    CVE-2024-7601

    Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentica... Read more

    Affected Products : unified_secops_platform
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.1

    HIGH
    CVE-2024-7600

    Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exp... Read more

    Affected Products : unified_secops_platform
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-7329

    A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It... Read more

    Affected Products : youdiancms
    • Published: Jul. 31, 2024
    • Modified: Aug. 23, 2024

  • 6.1

    MEDIUM
    CVE-2024-43407

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highligh... Read more

    Affected Products : ckeditor
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 6.5

    MEDIUM
    CVE-2024-43371

    CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files i... Read more

    Affected Products : ckan
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 8.8

    HIGH
    CVE-2024-7559

    The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for a... Read more

    Affected Products : file_manager_pro file_manager
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2024-43105

    Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 2.5

    LOW
    CVE-2024-43785

    gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form AN... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 7.5

    HIGH
    CVE-2024-7986

    A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a ... Read more

    Affected Products : thinmanager_thinserver
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 0.0

    NA
    CVE-2024-43883

    In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not ha... Read more

    Affected Products : linux_kernel
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024

  • 5.0

    MEDIUM
    CVE-2024-43787

    Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a res... Read more

    Affected Products : hono
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 9.6

    CRITICAL
    CVE-2023-6452

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed repo... Read more

    Affected Products : web_security
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 8.2

    HIGH
    CVE-2024-37311

    Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. ... Read more

    Affected Products : online richdocumentscode
    • Published: Aug. 23, 2024
    • Modified: Aug. 23, 2024
Showing 20 of 291570 Results