Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    CVSS31
    CVE-2024-45458

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 7.1

    CVSS31
    CVE-2024-44060

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.8

    CVSS31
    CVE-2024-32034

    decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or ... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.7

    CVSS31
    CVE-2024-34543

    Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.7

    CVSS31
    CVE-2024-34153

    Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44063

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.... Read more

    Affected Products : happyforms
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-8780

    OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-45457

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more

    Affected Products : spiffy_calendar
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-8778

    OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44058

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.This issue affects Parabola: from n/a through 2.4.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44062

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.... Read more

    Affected Products : custom_field_template
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.This issue affects Mantra: from n/a through 3.3.2.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-33848

    Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-45456

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more

    Affected Products : wp_meta_seo
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44059

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-32940

    Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44057

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.5

    CVSS31
    CVE-2024-44054

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.... Read more

    Affected Products :
    • Published: Sep. 15, 2024
    • Modified: Sep. 16, 2024

  • 6.3

    CVSS31
    CVE-2024-38315

    IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 6.1

    CVSS31
    CVE-2024-8776

    SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024
Showing 20 of 86 Results