Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2024-9846

    The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not pr... Read more

    • Published: Oct. 30, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-9488

    The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for una... Read more

    Affected Products : wpdiscuz
    • Published: Oct. 25, 2024
    • Modified: Nov. 06, 2024

  • 6.1

    MEDIUM
    CVE-2024-8792

    The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated at... Read more

    Affected Products : subscribe_to_comments
    • Published: Oct. 30, 2024
    • Modified: Nov. 06, 2024

  • 5.4

    MEDIUM
    CVE-2024-50348

    InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This v... Read more

    Affected Products : instantcms
    • Published: Oct. 29, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-10765

    A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attac... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-10764

    A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 7.1

    HIGH
    CVE-2024-44258

    This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system f... Read more

    Affected Products : iphone_os tvos ipados visionos
    • Published: Oct. 28, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-31998

    Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerabilit... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-31448

    Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2023-34445

    Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There a... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2023-34444

    Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. The... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2023-34443

    Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgr... Read more

    Affected Products : itop
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 6.3

    MEDIUM
    CVE-2024-8553

    A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the l... Read more

    Affected Products : satellite
    • Published: Oct. 31, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-7012

    An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on ... Read more

    Affected Products : satellite
    • Published: Sep. 04, 2024
    • Modified: Nov. 06, 2024

  • 7.4

    HIGH
    CVE-2024-45240

    The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by thir... Read more

    Affected Products :
    • Published: Aug. 24, 2024
    • Modified: Nov. 05, 2024

  • 5.5

    MEDIUM
    CVE-2024-44205

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able ... Read more

    Affected Products : macos iphone_os ipados
    • Published: Oct. 24, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-41577

    An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Nov. 05, 2024

  • 3.9

    LOW
    CVE-2021-46772

    Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption ... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 05, 2024

  • 5.3

    MEDIUM
    CVE-2024-43219

    Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 8.8

    HIGH
    CVE-2024-47362

    Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.... Read more

    Affected Products : strong_testimonials
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 291162 Results