Latest CVE Feed
-
6.4
MEDIUM CVE-2024-10340
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
- Affected Products: shortcodes_blocks_creator_ultimate
- Published: Nov. 05, 2024
- Modified: Nov. 05, 2024
-
5.1
MEDIUM CVE-2024-50346
WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds and attract the victim user to visit it u...
- Published: Nov. 05, 2024
- Modified: Nov. 05, 2024
-
5.3
MEDIUM CVE-2024-51500
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks...
- Affected Products: meshtastic_firmware
- Published: Nov. 04, 2024
- Modified: Nov. 05, 2024
-
6.0
MEDIUM CVE-2024-51498
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been prese...
- Published: Nov. 05, 2024
- Modified: Nov. 05, 2024
-
9.8
CRITICAL CVE-2024-37846
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page....
- Affected Products: mango
- Published: Oct. 25, 2024
- Modified: Nov. 05, 2024
-
5.4
MEDIUM CVE-2024-37844
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload....
- Affected Products: mango
- Published: Oct. 25, 2024
- Modified: Nov. 05, 2024
-
9.8
CRITICAL CVE-2024-37847
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file....
- Published: Oct. 25, 2024
- Modified: Nov. 05, 2024
-
8.8
HIGH CVE-2024-48217
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation....
- Published: Nov. 01, 2024
- Modified: Nov. 05, 2024
-
9.3
CRITICAL CVE-2024-20412
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to th...
- Affected Products: firepower_threat_defense firepower_1010 firepower_1120 firepower_1140 firepower_1150 firepower_2110 firepower_2120 firepower_2130 firepower_2140 firepower_1000 +12 more products
- Published: Oct. 23, 2024
- Modified: Nov. 05, 2024
-
5.8
MEDIUM CVE-2024-20431
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocati...
- Affected Products: firepower_threat_defense
- Published: Oct. 23, 2024
- Modified: Nov. 05, 2024
-
9.0
HIGH CVE-2024-10661
A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The att...
- Published: Nov. 01, 2024
- Modified: Nov. 05, 2024
-
9.0
HIGH CVE-2024-10662
A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The atta...
- Published: Nov. 01, 2024
- Modified: Nov. 05, 2024
-
9.9
CRITICAL CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65....
- Affected Products: zoneminder
- Published: Oct. 31, 2024
- Modified: Nov. 05, 2024
-
8.8
HIGH CVE-2024-9560
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql inj...
- Affected Products: cdg
- Published: Oct. 06, 2024
- Modified: Nov. 05, 2024
-
5.5
MEDIUM CVE-2024-45448
Page table protection configuration vulnerability in the trusted firmware module Impact: Successful exploitation of this vulnerability may affect service confidentiality....
- Published: Sep. 04, 2024
- Modified: Nov. 05, 2024
-
4.7
MEDIUM CVE-2024-45003
In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING fla...
- Affected Products: linux_kernel
- Published: Sep. 04, 2024
- Modified: Nov. 05, 2024
-
9.1
CRITICAL CVE-2024-10654
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to a...
- Affected Products: lr350_firmware
- Published: Nov. 01, 2024
- Modified: Nov. 05, 2024
-
9.8
CRITICAL CVE-2024-8957
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When cha...
- Actively Exploited
- Published: Sep. 17, 2024
- Modified: Nov. 05, 2024
-
9.1
CRITICAL CVE-2024-8956
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a...
- Actively Exploited
- Published: Sep. 17, 2024
- Modified: Nov. 05, 2024
-
4.8
MEDIUM CVE-2024-51432
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized...
- Published: Nov. 01, 2024
- Modified: Nov. 04, 2024