Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2024-45283

    SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information bu... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-44121

    Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not i... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 9.3

    CRITICAL
    CVE-2024-41171

    A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to s... Read more

    Affected Products : sinumerik_one_firmware
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-42380

    The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiali... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-44944

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, oth... Read more

    Affected Products : linux_kernel
    • Published: Aug. 30, 2024
    • Modified: Sep. 10, 2024

  • 8.8

    HIGH
    CVE-2024-44333

    D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 09, 2024

  • 8.8

    HIGH
    CVE-2024-44335

    D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 09, 2024

  • 8.8

    HIGH
    CVE-2024-44334

    D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI hand... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 09, 2024

  • 7.5

    HIGH
    CVE-2024-8509

    A vulnerability was found in Forklift Controller.  There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence ... Read more

    Affected Products :
    • Published: Sep. 06, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8576

    A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc le... Read more

    Affected Products : t10_firmware t8_firmware t8 t10
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8577

    A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of th... Read more

    Affected Products : t10_firmware t8_firmware t8 t10
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8575

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The atta... Read more

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 8.8

    HIGH
    CVE-2024-8574

    A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os comm... Read more

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8578

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer ove... Read more

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 7.5

    HIGH
    CVE-2024-2541

    The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an ... Read more

    Affected Products : popup_builder
    • Published: Aug. 29, 2024
    • Modified: Sep. 09, 2024

  • 7.4

    HIGH
    CVE-2023-46809

    Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed wh... Read more

    Affected Products : node.js
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 9.9

    CRITICAL
    CVE-2024-39714

    A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 8.5

    HIGH
    CVE-2024-38651

    A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 8.5

    HIGH
    CVE-2024-39715

    A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 7.8

    HIGH
    CVE-2024-40709

    A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024
Showing 20 of 292646 Results