Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2024-0793

    A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.... Read more

    Affected Products : kubernetes
    • Published: Nov. 17, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-10861

    The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including,... Read more

    Affected Products : popup_box
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-10017

    The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-52918

    Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-52413

    Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection.This issue affects Airin Blog: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2020-3532

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco U... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-9386

    The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-10147

    The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 7.4

    HIGH
    CVE-2021-1285

    Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to impr... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2021-1379

    Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a relo... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-10884

    The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.0. This makes... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-10875

    The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated at... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 6.4

    MEDIUM
    CVE-2024-11092

    The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52400

    Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.1

    CRITICAL
    CVE-2024-52398

    Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 8.7

    HIGH
    CVE-2024-8781

    Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-11305

    A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 10.0

    CRITICAL
    CVE-2024-52416

    Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-52414

    Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52404

    Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager.This issue affects CF7 Reply Manager: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024
Showing 20 of 293508 Results