Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-7733

    A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products : fastcms fastcms
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 5.4

    MEDIUM
    CVE-2024-44837

    A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.... Read more

    Affected Products : drug
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 10.0

    CRITICAL
    CVE-2024-6445

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before v3.1.7.... Read more

    Affected Products : datadiodex
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-44401

    D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file... Read more

    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2023-52907

    In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_ur... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 12, 2024

  • 9.1

    CRITICAL
    CVE-2024-42470

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for... Read more

    Affected Products : openhab openhab_web_interface
    • Published: Aug. 12, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-42469

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existi... Read more

    Affected Products : openhab openhab_web_interface
    • Published: Aug. 12, 2024
    • Modified: Sep. 12, 2024

  • 7.5

    HIGH
    CVE-2024-42468

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server... Read more

    Affected Products : openhab openhab_web_interface
    • Published: Aug. 12, 2024
    • Modified: Sep. 12, 2024

  • 6.1

    MEDIUM
    CVE-2024-6450

    HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.... Read more

    Affected Products : geoportal_toolkit
    • Published: Aug. 28, 2024
    • Modified: Sep. 12, 2024

  • 7.5

    HIGH
    CVE-2024-45624

    Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.... Read more

    Affected Products : pgpool-ii
    • Published: Sep. 12, 2024
    • Modified: Sep. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-6449

    HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scri... Read more

    Affected Products : geoportal_toolkit
    • Published: Aug. 28, 2024
    • Modified: Sep. 12, 2024

  • 5.3

    MEDIUM
    CVE-2024-8707

    A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument u... Read more

    Affected Products : online_school_system
    • Published: Sep. 12, 2024
    • Modified: Sep. 12, 2024

  • 7.7

    HIGH
    CVE-2024-4555

    Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1... Read more

    Affected Products : netiq_access_manager
    • Published: Aug. 28, 2024
    • Modified: Sep. 12, 2024

  • 7.5

    HIGH
    CVE-2024-4556

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.... Read more

    Affected Products : netiq_access_manager
    • Published: Aug. 28, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2023-52908

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be NULL, when/if we print debug information.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 12, 2024

  • 4.7

    MEDIUM
    CVE-2023-52909

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an o... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 12, 2024

  • 7.8

    HIGH
    CVE-2024-41173

    The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.... Read more

    • Published: Aug. 27, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2023-52911

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. iMX platforms). Unable to... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 12, 2024

  • 5.5

    MEDIUM
    CVE-2023-52910

    In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when iovad->cach... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 12, 2024

  • 6.3

    MEDIUM
    CVE-2024-33005

    Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could l... Read more

    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024
Showing 20 of 292758 Results