Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-50333

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data int... Read more

    Affected Products : suitecrm
    • Published: Nov. 05, 2024
    • Modified: Nov. 13, 2024

  • 6.8

    MEDIUM
    CVE-2024-40239

    An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : life
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 6.8

    MEDIUM
    CVE-2024-40240

    An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.... Read more

    Affected Products : homeserve
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 7.2

    HIGH
    CVE-2024-51152

    File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component.... Read more

    Affected Products : laravel_cms
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 6.4

    MEDIUM
    CVE-2024-10325

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it po... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 8.7

    HIGH
    CVE-2020-26305

    CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.... Read more

    Affected Products : commonregexjs
    • Published: Oct. 26, 2024
    • Modified: Nov. 13, 2024

  • 8.7

    HIGH
    CVE-2020-26304

    Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available.... Read more

    Affected Products : foundation
    • Published: Oct. 26, 2024
    • Modified: Nov. 13, 2024

  • 5.1

    MEDIUM
    CVE-2024-50559

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 8.7

    HIGH
    CVE-2020-26303

    insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.... Read more

    Affected Products : insane
    • Published: Oct. 26, 2024
    • Modified: Nov. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-50558

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-50557

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 6.1

    MEDIUM
    CVE-2024-9440

    Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depen... Read more

    Affected Products : slim_select
    • Published: Oct. 02, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-50461

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.14.... Read more

    Affected Products : embedpress
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-50460

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through 2.3.3.... Read more

    Affected Products : firelight_lightbox
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-50458

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through 3.4.... Read more

    Affected Products : advanced_sermons
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-50451

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF):... Read more

    Affected Products : meta_data_and_taxonomies_filter
    • Published: Oct. 28, 2024
    • Modified: Nov. 13, 2024

  • 7.0

    HIGH
    CVE-2024-49504

    grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 7.0

    HIGH
    CVE-2024-9841

    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 7.8

    HIGH
    CVE-2024-50222

    In the Linux kernel, the following vulnerability has been resolved: iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP generic/077 on x86_32 CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y with highmem, on huge=always tmpfs, issues a warning and the... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-50223

    In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is th... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 291513 Results