Latest CVE Feed
- 7.5 HIGH CVE-2024-5412
  A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable devi...
  - Published: Sep. 03, 2024
  - Modified: Sep. 06, 2024
- 9.3 CRITICAL CVE-2024-8178
  The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the h...
  - Affected Products: freebsd
  - Published: Sep. 05, 2024
  - Modified: Sep. 06, 2024
- 4.8 MEDIUM CVE-2024-6498
  The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallo...
  - Affected Products: collect.chat
  - Published: Aug. 05, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-45063
  The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution...
  - Affected Products: freebsd
  - Published: Sep. 05, 2024
  - Modified: Sep. 06, 2024
- 7.5 HIGH CVE-2024-44073
  The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.
  - Affected Products: miniscript
  - Published: Aug. 19, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-42919
  eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.
  - Published: Aug. 20, 2024
  - Modified: Sep. 06, 2024
- 7.8 HIGH CVE-2024-42679
  SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component.
  - Affected Products: super_easy_enterprise_management_system
  - Published: Aug. 15, 2024
  - Modified: Sep. 06, 2024
- 8.6 HIGH CVE-2024-39713
  A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
  - Affected Products: rocket.chat
  - Published: Aug. 05, 2024
  - Modified: Sep. 06, 2024
- 7.2 HIGH CVE-2024-7694
  ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on ...
  - Affected Products: threatsonar_anti-ransomware
  - Published: Aug. 12, 2024
  - Modified: Sep. 06, 2024
- 5.4 MEDIUM CVE-2024-8123
  The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This ma...
  - Affected Products: wp_extended
  - Published: Sep. 04, 2024
  - Modified: Sep. 06, 2024
- 6.1 MEDIUM CVE-2024-20488
  A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cr...
  - Affected Products: unified_communications_manager
  - Published: Aug. 21, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-8387
  Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera...
  - Published: Sep. 03, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-8385
  A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
  - Published: Sep. 03, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-8384
  The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Fire...
  - Published: Sep. 03, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-8381
  A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Th...
  - Published: Sep. 03, 2024
  - Modified: Sep. 06, 2024
- 8.6 HIGH CVE-2024-45294
  The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by variou...
  - Published: Sep. 06, 2024
  - Modified: Sep. 06, 2024
- 9.8 CRITICAL CVE-2024-43240
  Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation. This issue affects Ultimate Membership Pro: from n/a through 12.6.
  - Affected Products: ultimate_membership_pro
  - Published: Aug. 19, 2024
  - Modified: Sep. 06, 2024
- 10.0 CRITICAL CVE-2024-43242
  Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection. This issue affects Ultimate Membership Pro: from n/a through 12.6.
  - Affected Products: ultimate_membership_pro
  - Published: Aug. 19, 2024
  - Modified: Sep. 06, 2024
- 7.5 HIGH CVE-2024-7693
  Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary files on the remote server.
  - Affected Products: raidenmaild
  - Published: Aug. 12, 2024
  - Modified: Sep. 06, 2024
- 6.0 MEDIUM CVE-2024-45405
  `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installati...
  - Published: Sep. 06, 2024
  - Modified: Sep. 06, 2024