Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-42681

    Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.... Read more

    Affected Products : xxl-job
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 6.8

    MEDIUM
    CVE-2023-24064

    Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.... Read more

    Affected Products : vynamic_security_suite
    • Published: Aug. 08, 2024
    • Modified: Aug. 19, 2024

  • 6.6

    MEDIUM
    CVE-2023-28865

    Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. ... Read more

    Affected Products : vynamic_security_suite
    • Published: Aug. 08, 2024
    • Modified: Aug. 19, 2024

  • 7.5

    HIGH
    CVE-2023-33206

    Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to mani... Read more

    Affected Products : vynamic_security_suite
    • Published: Aug. 08, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-20789

    Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici... Read more

    Affected Products : dimension
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-20790

    Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requi... Read more

    Affected Products : dimension
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-25157

    An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure o... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-34117

    Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows photoshop
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-34124

    Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ... Read more

    Affected Products : dimension
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-34125

    Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requi... Read more

    Affected Products : dimension
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-34126

    Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requi... Read more

    Affected Products : dimension
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-41840

    Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op... Read more

    Affected Products : macos windows bridge
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 7.8

    HIGH
    CVE-2024-39386

    Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op... Read more

    Affected Products : macos windows bridge
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-39387

    Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue ... Read more

    Affected Products : macos windows bridge
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7907

    A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injecti... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7908

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer ov... Read more

    Affected Products : ex1200l_firmware ex1200l
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 7.2

    HIGH
    CVE-2024-7910

    A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The mani... Read more

    Affected Products : online_railway_reservation_system
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7911

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file... Read more

    Affected Products : simple_online_bidding_system
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-42353

    WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base U... Read more

    Affected Products : webob
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-41866

    InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in ... Read more

    Affected Products : macos windows indesign
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024
Showing 20 of 291335 Results