Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-6657

    A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device....

    • Published: Oct. 11, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10619

    A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /pda/reportshop/next_detail.php. The manipulation of the argument repid leads to sql injection. It is possible to launc...

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10618

    A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.10. This issue affects some unknown processing of the file /pda/reportshop/record_detail.php. The manipulation of the argument repid leads to sql injection. The a...

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10698

    A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. Th...

    Affected Products : ac6_firmware ac6
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-9896

    The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. Thi...

    Affected Products : bbp_core
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024
  • 9.1

    CRITICAL
    CVE-2024-7475

    An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and t...

    Affected Products : lunary
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 5.4

    MEDIUM
    CVE-2024-9868

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.1...

    Affected Products : element_pack
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-51076

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter....

    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-51075

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter....

    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 8.8

    HIGH
    CVE-2024-51181

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter....

    Affected Products : ifsc_code_finder
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 8.8

    HIGH
    CVE-2024-51180

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter....

    Affected Products : ifsc_code_finder
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 7.5

    HIGH
    CVE-2024-10462

    Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 7.5

    HIGH
    CVE-2024-10463

    Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 7.5

    HIGH
    CVE-2024-10464

    Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunder...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 7.5

    HIGH
    CVE-2024-10465

    A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10468

    Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132....

    Affected Products : firefox thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-10467

    Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-10461

    In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 12...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024
  • 6.5

    MEDIUM
    CVE-2024-10540

    The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficien...

    Affected Products : bookingpress
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024
  • 7.8

    HIGH
    CVE-2022-49006

    In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is ...

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 04, 2024
Showing 20 of 291150 Results