Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-50526

    Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.... Read more

    Affected Products : multi_purpose_mail_form
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-50527

    Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.... Read more

    Affected Products : stacks_mobile_app_builder
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-50528

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.... Read more

    Affected Products : stacks_mobile_app_builder
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.9

    CRITICAL
    CVE-2024-50529

    Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.... Read more

    Affected Products : training_-_courses
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-43924

    Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.... Read more

    Affected Products : responsive_lightbox
    • Published: Oct. 23, 2024
    • Modified: Nov. 06, 2024

  • 9.9

    CRITICAL
    CVE-2024-50530

    Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7.... Read more

    Affected Products : stars_smtp_mailer
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 6.5

    MEDIUM
    CVE-2024-5764

    Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, amo... Read more

    Affected Products : nexus_repository_manager nexus
    • Published: Oct. 23, 2024
    • Modified: Nov. 06, 2024

  • 7.2

    HIGH
    CVE-2024-10505

    A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotel... Read more

    Affected Products : wuzhicms
    • Published: Oct. 30, 2024
    • Modified: Nov. 06, 2024

  • 1.9

    LOW
    CVE-2023-31305

    Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-50531

    Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.... Read more

    Affected Products : rsvpmaker
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-10597

    A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possibl... Read more

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-9686

    The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for u... Read more

    Affected Products : order_notification_for_telegram
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 4.5

    MEDIUM
    CVE-2024-10372

    A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attac... Read more

    Affected Products : buzz
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 6.4

    MEDIUM
    CVE-2024-10148

    The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This ma... Read more

    Affected Products : awesome_buttons
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 8.1

    HIGH
    CVE-2024-10011

    The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on f... Read more

    Affected Products : buddypress
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-51561

    This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the se... Read more

    Affected Products : aero wave_2.0
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 6.9

    MEDIUM
    CVE-2024-9147

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings.This issue affects PosPratik: before v3.2.1.... Read more

    Affected Products : pospratik
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-51582

    Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4.... Read more

    Affected Products : wp_hotel_booking
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-50523

    Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3.... Read more

    Affected Products : all_post_contact_form
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 7.5

    HIGH
    CVE-2024-48931

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?token=<token>&files=<file_path>` is vulnerable to arbitra... Read more

    Affected Products : zimaos
    • Published: Oct. 24, 2024
    • Modified: Nov. 06, 2024
Showing 20 of 291170 Results