Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-7905

    A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack re... Read more

    Affected Products : dedebiz
    • Published: Aug. 18, 2024
    • Modified: Aug. 20, 2024

  • 8.8

    HIGH
    CVE-2024-7904

    A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 lea... Read more

    Affected Products : dedebiz
    • Published: Aug. 18, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-42559

    An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 8.8

    HIGH
    CVE-2024-7903

    A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 lead... Read more

    Affected Products : dedebiz
    • Published: Aug. 18, 2024
    • Modified: Aug. 20, 2024

  • 6.9

    MEDIUM
    CVE-2024-7902

    A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. ... Read more

    Affected Products : open_journal_systems
    • Published: Aug. 17, 2024
    • Modified: Aug. 20, 2024

  • 7.8

    HIGH
    CVE-2024-43852

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC299... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-7901

    A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross sit... Read more

    Affected Products : scada-lts
    • Published: Aug. 17, 2024
    • Modified: Aug. 20, 2024

  • 7.2

    HIGH
    CVE-2024-7899

    A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulation leads to code injection. The attack may be initiated ... Read more

    Affected Products : innocms
    • Published: Aug. 17, 2024
    • Modified: Aug. 20, 2024

  • 5.1

    MEDIUM
    CVE-2024-7900

    A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Sit... Read more

    Affected Products : tpmecms tpmecms
    • Published: Aug. 17, 2024
    • Modified: Aug. 20, 2024

  • 6.0

    MEDIUM
    CVE-2024-5916

    An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, ca... Read more

    Affected Products : pan-os prisma_access
    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 6.3

    MEDIUM
    CVE-2024-37028

    BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_next_central_manager
    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 7.8

    HIGH
    CVE-2024-39383

    Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 5.3

    MEDIUM
    CVE-2024-41723

    Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 8.7

    HIGH
    CVE-2024-41727

    In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Techn... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-7866

    In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.... Read more

    Affected Products : xpdf
    • Published: Aug. 15, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7838

    A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The... Read more

    Affected Products : online_food_ordering_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 20, 2024

  • 7.7

    HIGH
    CVE-2024-27120

    A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in... Read more

    Affected Products : comfortkey
    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 8.8

    HIGH
    CVE-2024-7792

    A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible ... Read more

    Affected Products : task_progress_tracker
    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-33872

    Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.... Read more

    Affected Products : command
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 8.8

    HIGH
    CVE-2024-22069

    There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords... Read more

    • Published: Aug. 08, 2024
    • Modified: Aug. 20, 2024
Showing 20 of 291756 Results