Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.8

    CVSS31
    CVE-2024-38437

    D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 9.8

    CVSS31
    CVE-2024-6636

    The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 9.8

    CVSS31
    CVE-2024-38438

    D-Link - CWE-294: Authentication Bypass by Capture-replay... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 8.8

    CVSS31
    CVE-2024-6965

    A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack ca... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6963

    A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. T... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6497

    The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for a... Read more

    Affected Products : seo_plugin_by_squirrly_seo
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 8.8

    CVSS31
    CVE-2024-6964

    A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possib... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 8.8

    CVSS31
    CVE-2024-6962

    A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be ini... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 7.5

    CVSS31
    CVE-2024-6960

    The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no ... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 7.3

    CVSS31
    CVE-2024-6957

    A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is ... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 7.3

    CVSS31
    CVE-2024-6635

    The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 7.3

    CVSS31
    CVE-2024-6637

    The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for un... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 7.3

    CVSS31
    CVE-2024-6966

    A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass lea... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Jul. 22, 2024
  • 7.1

    CVSS31
    CVE-2024-37559

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echenley Counterpoint allows Reflected XSS.This issue affects Counterpoint: from n/a through 1.8.1.... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 7.1

    CVSS31
    CVE-2024-38680

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps allows Reflected XSS.This issue affects Appmaker – Convert WooCommerce... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 7.1

    CVSS31
    CVE-2024-37487

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
  • 7.1

    CVSS31
    CVE-2024-37961

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12.... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 7.1

    CVSS31
    CVE-2024-38672

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in namithjawahar AdPush allows Reflected XSS.This issue affects AdPush: from n/a through 1.50.... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 7.1

    CVSS31
    CVE-2024-37954

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.... Read more

    Affected Products :
    • Published: Jul. 20, 2024
    • Modified: Jul. 20, 2024
  • 7.1

    CVSS31
    CVE-2024-37509

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maksekeskus AS MakeCommerce for WooCommerce allows Reflected XSS.This issue affects MakeCommerce for WooCommerce: from n/a through 3.5.1.... Read more

    Affected Products :
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2024
Showing 20 of 170 Results