Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-41171

    A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to s... Read more

    Affected Products : sinumerik_one_firmware
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 6.5

    MEDIUM
    CVE-2024-45286

    Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on i... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 9.3

    CRITICAL
    CVE-2024-42500

    HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-41729

    Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on conf... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 4.7

    MEDIUM
    CVE-2024-44120

    SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this craft... Read more

    Affected Products : netweaver
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 6.0

    MEDIUM
    CVE-2024-45283

    SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information bu... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 6.8

    MEDIUM
    CVE-2024-43781

    A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with usi... Read more

    Affected Products : sinumerik_one_firmware
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 8.7

    HIGH
    CVE-2024-43647

    A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 ... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-45285

    The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user w... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-44944

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, oth... Read more

    Affected Products : linux_kernel
    • Published: Aug. 30, 2024
    • Modified: Sep. 10, 2024

  • 8.8

    HIGH
    CVE-2024-44333

    D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 09, 2024

  • 8.8

    HIGH
    CVE-2024-44335

    D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 09, 2024

  • 8.8

    HIGH
    CVE-2024-44334

    D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI hand... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 09, 2024

  • 7.5

    HIGH
    CVE-2024-8509

    A vulnerability was found in Forklift Controller.  There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence ... Read more

    Affected Products :
    • Published: Sep. 06, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8576

    A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc le... Read more

    Affected Products : t10_firmware t8_firmware t8 t10
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8577

    A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of th... Read more

    Affected Products : t10_firmware t8_firmware t8 t10
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8575

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The atta... Read more

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 8.8

    HIGH
    CVE-2024-8574

    A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os comm... Read more

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 9.0

    HIGH
    CVE-2024-8578

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer ove... Read more

    Affected Products : t8_firmware t8
    • Published: Sep. 08, 2024
    • Modified: Sep. 09, 2024

  • 7.5

    HIGH
    CVE-2024-2541

    The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an ... Read more

    Affected Products : popup_builder
    • Published: Aug. 29, 2024
    • Modified: Sep. 09, 2024
Showing 20 of 292811 Results