Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-49557

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 3.3

    LOW
    CVE-2024-48838

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-49558

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-49560

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 8.8

    HIGH
    CVE-2024-11127

    A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The a... Read more

    Affected Products : job_recruitment
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-8376

    In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.... Read more

    Affected Products : mosquitto
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51585

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from... Read more

    Affected Products : sales_page_addon
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51662

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.6.... Read more

    Affected Products : black_widgets_for_elementor
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51594

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafel Sansó Gmap Point List allows Stored XSS.This issue affects Gmap Point List: from n/a through 1.1.2.... Read more

    Affected Products : gmap_point_list
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 5.7

    MEDIUM
    CVE-2024-9539

    An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishin... Read more

    Affected Products : enterprise_server
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 4.4

    MEDIUM
    CVE-2024-6985

    A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The ... Read more

    Affected Products : lollms
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51592

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bnayawpguy Meta Store Elements allows DOM-Based XSS.This issue affects Meta Store Elements: from n/a through 1.0.9.... Read more

    Affected Products : meta_store_elements
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51595

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sksdev SKSDEV Toolkit allows Stored XSS.This issue affects SKSDEV Toolkit: from n/a through 1.0.0.... Read more

    Affected Products : sksdev_toolkit
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51596

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nilesh Shiragave Business allows Stored XSS.This issue affects Business: from n/a through 1.3.... Read more

    Affected Products : business
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-5474

    A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation o... Read more

    Affected Products : dolby_vision_provisioning
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 9.5

    CRITICAL
    CVE-2024-9487

    An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation requi... Read more

    Affected Products : enterprise_server
    • Published: Oct. 10, 2024
    • Modified: Nov. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-51599

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Russell Albin Simple Business Manager allows Stored XSS.This issue affects Simple Business Manager: from n/a through 4.6.7.4.... Read more

    Affected Products : simple_business_manager
    • Published: Nov. 09, 2024
    • Modified: Nov. 15, 2024

  • 7.5

    HIGH
    CVE-2024-47867

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to t... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Nov. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9822

    The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to l... Read more

    Affected Products : pedalo_connector
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 7.8

    HIGH
    CVE-2024-34662

    Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.... Read more

    Affected Products : android android
    • Published: Oct. 08, 2024
    • Modified: Nov. 15, 2024
Showing 20 of 291395 Results