Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-11064

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11063

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.2

    HIGH
    CVE-2024-11062

    The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.... Read more

    Affected Products : dsl6740c_firmware dsl6740c
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47178

    basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.... Read more

    Affected Products : basic-auth-connect
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-47530

    Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sa... Read more

    Affected Products : scout
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 4.6

    MEDIUM
    CVE-2024-47531

    Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data ... Read more

    Affected Products : scout
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47532

    RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in versi... Read more

    Affected Products : restrictedpython
    • Published: Sep. 30, 2024
    • Modified: Nov. 15, 2024

  • 5.1

    MEDIUM
    CVE-2024-11130

    A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be lau... Read more

    Affected Products : zzcms
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52355

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS.This issue affects OSM – OpenStreetMap: from n/a through 6.1.2.... Read more

    Affected Products : openstreetmap
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52354

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through 1.1.... Read more

    Affected Products : web_stories_widgets_for_elementor
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52353

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a... Read more

    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-52352

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0.... Read more

    Affected Products : postcasa_shortcode
    • Published: Nov. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-49557

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 3.3

    LOW
    CVE-2024-48838

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-49558

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-49560

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-11127

    A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The a... Read more

    Affected Products : job_recruitment
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-8376

    In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.... Read more

    Affected Products : mosquitto
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51585

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from... Read more

    Affected Products : sales_page_addon
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51662

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.6.... Read more

    Affected Products : black_widgets_for_elementor
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024
Showing 20 of 291275 Results