CVEs Published

Latest Blog Articles

What's new in SecDB 24.8
2024-08-12
What's new in SecDB 24.8

This new version of SecDB brings new features and improvements. Added CVSS v4.0 support Last November 2023, the final specifications for CVSS v4.0 were released by FIRST and organizations and vendors began adopting the new standard for determining vulnerability severity. In late June 2024, NIST...

Read more
CWE 4.14 is available
2024-03-01
CWE 4.14 is available

MITRE has released version 4.14 of the Common Weakness Enumeration (CWE) with a new weakness for "Hardware Micro Architectures", a view for "ISA/IEC 62443 Requirements", and new demonstrative examples from "HACK@DAC". Changes in 4.14 New Waknesses: CWE-1420: Exposure of Sensitive Information du...

Read more
What's new in SecDB 24.2
2024-02-29
What's new in SecDB 24.2

This new version of SecDB brings new features and improvements. Polished UI, improved support for EPSS, Web & Social references (from Reddit and Mastodon) in CVEs, new Security Advisories and sections (NASL & NVT and Packages), and much more. Improved the EPSS (Exploit Prediction Scoring System) s...

Read more

Latest Vulnerabilities

CVE-2024-9008
2024-09-19

CVSS4 5.3 CVSS3 6.3 CVSS2 6.5 CWE-89

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affec...

CVE-2024-7207
2024-09-19

CVSS3 8.2 CWE-20

A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes...

CVE-2024-9006
2024-09-19

CVSS4 5.3 CVSS3 6.3 CVSS2 6.5 CWE-94

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some ...

CVE-2024-9007
2024-09-19

CVSS4 5.3 CVSS3 3.5 CVSS2 4 CWE-79

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of...

CVE-2024-46984
2024-09-19

CVSS3 8.6 CWE-611

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperabil...

CVE-2023-27584
2024-09-19

CVSS3 9.8 CWE-321

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native ...

CVE-2024-45410
2024-09-19

CVSS3 9.8 CWE-345 CWE-348

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers s...

CVE-2024-45614
2024-09-19

CVSS3 5.4 CWE-639

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermedi...

CVE-2024-46983
2024-09-19

CVSS3 9.8 CWE-74

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses...

CVE-2024-38210
2024-08-22

CVSS3 7.8 CWE-125 CWE-NVD-noinfo

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability...

Loading...