Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-52913

    In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 21, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2022-48938

    In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this wil... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2022-48910

    In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2023-29126

    The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.0

    CRITICAL
    CVE-2023-29125

    A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2023-29121

    Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2023-29120

    Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2023-29119

    Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2023-29118

    Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2023-29117

    Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2023-29116

    Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2023-29115

    In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-9178

    The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products : xt_floating_cart_for_woocommerce
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-9657

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to i... Read more

    Affected Products : element_pack
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-9867

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and inc... Read more

    Affected Products : element_pack
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 7.3

    HIGH
    CVE-2024-10263

    The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a va... Read more

    Affected Products : tickera
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 4.3

    MEDIUM
    CVE-2024-10329

    The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, w... Read more

    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 10.0

    CRITICAL
    CVE-2024-50495

    Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1.... Read more

    Affected Products : plugin_propagator
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-43937

    Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.... Read more

    Affected Products : wp_crowdfunding
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-51739

    Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the use... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 291205 Results