Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    CVSS30
    CVE-2024-40709

    A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 8.1

    CVSS30
    CVE-2024-39718

    An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 8.5

    CVSS30
    CVE-2024-39715

    A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 9.9

    CVSS30
    CVE-2024-39714

    A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 8.5

    CVSS30
    CVE-2024-38651

    A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 9.9

    CVSS30
    CVE-2024-38650

    An authentication bypass vulnerability can allow a low-privileged attacker to access the NTLM hash of service account on the VSPC server....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 4.3

    CVSS31
    CVE-2024-8558

    A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument t...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 8.1

    CVSS30
    CVE-2024-36138

    Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achie...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 3.3

    CVSS30
    CVE-2024-36137

    A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model does not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 0.0

    NONE
    CVE-2023-46809

    Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which is unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PKCS #1 v1.5 padding is allowed wh...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 0.0

    NONE
    CVE-2023-39333

    Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module w...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 0.0

    NONE
    CVE-2023-30587

    A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector). By exploiting the Worker class's ability to create an "internal worker" with the kIsIn...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 0.0

    NONE
    CVE-2023-30584

    A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was i...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 0.0

    NONE
    CVE-2023-30583

    fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please note that at the time this ...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 0.0

    NONE
    CVE-2023-30582

    A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file w...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 6.3

    CVSS31
    CVE-2024-8557

    A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to SQL injection. It is possibl...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 4.3

    CVSS31
    CVE-2024-8555

    A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. I...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 7.5

    CVSS31
    CVE-2024-40681

    IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 3.5

    CVSS31
    CVE-2024-8554

    A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross-site scripting. The...
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024
  • 5.5

    CVSS31
    CVE-2024-40680

    IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault....
    • Published: Sep. 07, 2024
    • Modified: Sep. 07, 2024