Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-10463

    Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-10464

    Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunder... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-10465

    A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10468

    Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.... Read more

    Affected Products : firefox thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10467

    Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-10461

    In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 12... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 29, 2024
    • Modified: Nov. 04, 2024

  • 6.5

    MEDIUM
    CVE-2024-10540

    The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficien... Read more

    Affected Products : bookingpress
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 7.8

    HIGH
    CVE-2022-49006

    In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-8739

    The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for un... Read more

    Affected Products : recaptcha_integration
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-10310

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and ... Read more

    Affected Products : element_pack
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 7.2

    HIGH
    CVE-2024-10653

    IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-51427

    An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the mint function. NOTE: this is disputed by third parties because the impact is limited to function calls.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 04, 2024

  • 8.8

    HIGH
    CVE-2024-51426

    An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the _transfer function. NOTE: this is disputed by third parties because the impact is limited to function calls... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 04, 2024

  • 8.8

    HIGH
    CVE-2024-51425

    An issue in the WaterToken smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact. NOTE: this is disputed by third parties because the impact is limited to function calls.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-51424

    An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. NOTE: this is disputed by third parties because the impact is limited to function ... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 04, 2024

  • 7.5

    HIGH
    CVE-2024-7473

    An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request... Read more

    Affected Products : lunary
    • Published: Oct. 29, 2024
    • Modified: Nov. 03, 2024

  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024

  • 7.1

    HIGH
    CVE-2024-6959

    A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process eac... Read more

    Affected Products : lollms_webui lollms_web_ui
    • Published: Oct. 13, 2024
    • Modified: Nov. 03, 2024

  • 6.5

    MEDIUM
    CVE-2024-6582

    A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerabi... Read more

    Affected Products : lunary
    • Published: Sep. 13, 2024
    • Modified: Nov. 03, 2024

  • 7.1

    HIGH
    CVE-2024-44159

    A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 291158 Results