Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-6925

    The TrueBooker WordPress plugin before 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack....

    Affected Products : truebooker
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 5.5

    MEDIUM
    CVE-2022-48897

    In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for invalid pmd The page table check trigger BUG_ON() unexpectedly when split hugepage: ------------[ cut here ]------------ kernel BUG at mm/p...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-8570

    A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attac...

    Affected Products : tailoring_management_system
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 5.5

    MEDIUM
    CVE-2022-48896

    In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrem...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024
  • 5.3

    MEDIUM
    CVE-2024-8571

    A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure throug...

    Affected Products : roll_cms
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 5.5

    MEDIUM
    CVE-2022-48895

    In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hi...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024
  • 6.1

    MEDIUM
    CVE-2024-8572

    A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripti...

    Affected Products : golang_cms
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 5.5

    MEDIUM
    CVE-2022-48894

    In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Don't unregister on shutdown Similar to SMMUv2, this driver calls iommu_device_unregister() from the shutdown path, which removes the IOMMU groups with no coordinatio...

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Sep. 11, 2024
  • 6.1

    MEDIUM
    CVE-2024-42341

    Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')...

    Affected Products : queuemetrics
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 4.3

    MEDIUM
    CVE-2024-42342

    Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...

    Affected Products : queuemetrics
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 7.5

    HIGH
    CVE-2024-42343

    Loway - CWE-204: Observable Response Discrepancy...

    Affected Products : queuemetrics
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024
  • 6.5

    MEDIUM
    CVE-2024-8585

    Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files....

    Affected Products : orca_hcm
    • Published: Sep. 09, 2024
    • Modified: Sep. 11, 2024
  • 8.5

    HIGH
    CVE-2024-7325

    A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Att...

    Affected Products : driver_booster
    • Published: Jul. 31, 2024
    • Modified: Sep. 11, 2024
  • 7.5

    HIGH
    CVE-2024-37728

    Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface...

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 11, 2024
  • 4.4

    MEDIUM
    CVE-2024-7480

    An improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Ve...

    Affected Products : aura_system_manager
    • Published: Aug. 08, 2024
    • Modified: Sep. 11, 2024
  • 6.7

    MEDIUM
    CVE-2024-7477

    A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Ve...

    Affected Products : aura_system_manager
    • Published: Aug. 08, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    HIGH
    CVE-2024-28298

    SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest....

    Affected Products : bm_planning bmplanning
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024
  • 9.6

    CRITICAL
    CVE-2024-41127

    Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-...

    Affected Products : monkeytype
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024
  • 8.8

    HIGH
    CVE-2024-7436

    A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated ...

    Affected Products : di-8100_firmware di-8100
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024
  • 5.3

    MEDIUM
    CVE-2024-7438

    A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status ...

    Affected Products : simple_machines_forum
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024
Showing 20 of 292652 Results