Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.3

    CVSS31
    CVE-2024-8946

    A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible...

    Affected Products : micropython
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.3

    CVSS31
    CVE-2024-8944

    A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to SQL injection. It is possible to...

    Affected Products : hospital_management_system
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.2

    CVSS31
    CVE-2024-42503

    An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 18, 2024
  • 7.2

    CVSS31
    CVE-2024-8761

    The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation of the redirect URL supplied via the link parameter. This makes it possible for unauthenticated att...

    Affected Products : share_this_image
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.2

    CVSS31
    CVE-2022-25769

    Impact: The default .htaccess file has some restrictions on access to PHP files, so that only specific PHP files can be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, no...

    Affected Products : mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 7.2

    CVSS31
    CVE-2024-42501

    An authenticated path traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 18, 2024
  • 7.2

    CVSS31
    CVE-2024-8957

    PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value, which may lead to arbitrary command execution when ntp_client is started. When cha...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.2

    CVSS31
    CVE-2024-42502

    An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 18, 2024
  • 7.1

    CVSS31
    CVE-2024-44003

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites allows Reflected XSS. This issue affects Spice Starter Sites: from n/a through 1.2.5....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 7.1

    CVSS31
    CVE-2024-45606

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have per...

    Affected Products : sentry
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.1

    CVSS31
    CVE-2024-44002

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS. This issue affects Team Showcase: from n/a through 1.22.25....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 7.1

    CVSS31
    CVE-2024-43971

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5....

    Affected Products : sunshine_photo_cart
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 7.1

    CVSS31
    CVE-2024-43970

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 7.1

    CVSS31
    CVE-2024-44009

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS. This issue affects WCFM Marketplace: from n/a through 3.6.10....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.1

    CVSS31
    CVE-2024-43975

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7....

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 7.1

    CVSS31
    CVE-2024-44007

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS. This issue affects SKT Templates – Elementor & Gutenberg templates...

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.1

    CVSS31
    CVE-2024-44064

    Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54....

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
  • 7.0

    CVSS31
    CVE-2022-25768

    The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied, it might be possible for an attacker to access the Mautic version number...

    Affected Products :
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 6.6

    CVSS31
    CVE-2022-25775

    Prior to the patched version, logged-in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manip...

    Affected Products : mautic
    • Published: Sep. 18, 2024
    • Modified: Sep. 18, 2024
  • 6.5

    CVSS31
    CVE-2024-45815

    Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog AP...

    Affected Products : backstage
    • Published: Sep. 17, 2024
    • Modified: Sep. 17, 2024
Showing 20 of 348 Results