Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-52515

    Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-10934

    In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.... Read more

    Affected Products : openbsd openbsd
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 2.6

    LOW
    CVE-2024-52513

    Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommende... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2024-50800

    Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.8

    MEDIUM
    CVE-2021-1494

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP heade... Read more

    Affected Products : firepower_threat_defense
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2022-20655

    A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affect... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2020-3431

    A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripti... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 7.4

    HIGH
    CVE-2021-1285

    Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to impr... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-9850

    The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 7.3

    HIGH
    CVE-2024-9839

    The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running d... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-10592

    The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-11094

    The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects in... Read more

    Affected Products : 404_solution
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 7.2

    HIGH
    CVE-2024-9887

    The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of s... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 7.5

    HIGH
    CVE-2024-11318

    An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session ident... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52399

    Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 8.8

    HIGH
    CVE-2024-3370

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52403

    Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-11118

    The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52405

    Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52407

    Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 292212 Results