Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    CVSS31
    CVE-2024-46326

    Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 4.8

    CVSS31
    CVE-2024-46240

    Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    CVSS31
    CVE-2024-45518

    An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitiza... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 0.0

    NONE
    CVE-2024-10183

    A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 5.3

    CVSS31
    CVE-2024-40091

    Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 4.3

    CVSS31
    CVE-2024-40090

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.1

    CVSS31
    CVE-2024-40089

    A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.6

    CVSS31
    CVE-2024-40087

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.6

    CVSS31
    CVE-2024-40086

    A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.6

    CVSS31
    CVE-2024-40085

    A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.6

    CVSS31
    CVE-2024-40084

    A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 9.6

    CVSS31
    CVE-2024-40083

    A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length ... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 0.0

    NONE
    CVE-2024-9287

    A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source v... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 0.0

    NONE
    CVE-2024-9129

    In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 7.8

    CVSS31
    CVE-2024-9050

    A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin f... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 5.2

    CVSS31
    CVE-2024-49211

    Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 5.2

    CVSS31
    CVE-2024-49210

    Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or Ja... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 6.5

    CVSS31
    CVE-2024-49209

    Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and up... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 5.9

    CVSS31
    CVE-2024-49208

    Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024

  • 4.1

    CVSS31
    CVE-2024-49373

    No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.... Read more

    Affected Products :
    • Published: Oct. 22, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 502 Results