Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-42011

    The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 3.9

    LOW
    CVE-2021-26387

    Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Oct. 30, 2024

  • 6.1

    MEDIUM
    CVE-2024-10433

    A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site... Read more

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 8.4

    HIGH
    CVE-2024-44255

    A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2024-47169

    Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling ... Read more

    Affected Products : agnai
    • Published: Sep. 26, 2024
    • Modified: Oct. 30, 2024

  • 6.2

    MEDIUM
    CVE-2024-47063

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a mali... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2018-25105

    The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary file... Read more

    Affected Products : file_manager file_manager
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 6.3

    MEDIUM
    CVE-2024-47064

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10427

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to sql injection. The attack can be in... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 5.4

    MEDIUM
    CVE-2024-47172

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The in... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2019-25213

    The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any fi... Read more

    Affected Products : advanced_access_manager
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2021-4448

    The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perfor... Read more

    Affected Products : kaswara
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10426

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /animalsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the ... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 5.9

    MEDIUM
    CVE-2024-8036

    ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, becom... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10431

    A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the ... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 8.7

    HIGH
    CVE-2020-26311

    Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available.... Read more

    Affected Products : useragent
    • Published: Oct. 26, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2021-4449

    The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary file... Read more

    Affected Products : zoomsounds
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 8.1

    HIGH
    CVE-2024-47878

    OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag in the output, so without escaping. An attacker could le... Read more

    Affected Products : openrefine
    • Published: Oct. 24, 2024
    • Modified: Oct. 30, 2024

  • 5.5

    MEDIUM
    CVE-2024-44247

    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 8.8

    HIGH
    CVE-2021-4450

    The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. T... Read more

    Affected Products : post_grid
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024
Showing 20 of 291058 Results