Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41617

    Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allo... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-50575

    In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 7.5

    HIGH
    CVE-2024-10073

    A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possi... Read more

    Affected Products : flair
    • Published: Oct. 17, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50576

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50577

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50578

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-50579

    In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50580

    In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50581

    In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50582

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 7.5

    HIGH
    CVE-2024-50574

    In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality... Read more

    Affected Products : youtrack
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-50573

    In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services... Read more

    Affected Products : hub
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.9

    MEDIUM
    CVE-2024-49288

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a thro... Read more

    • Published: Oct. 17, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-10014

    The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe... Read more

    Affected Products : flat_ui_button
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 5.3

    MEDIUM
    CVE-2024-49214

    QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.... Read more

    Affected Products : haproxy
    • Published: Oct. 14, 2024
    • Modified: Oct. 29, 2024

  • 8.0

    HIGH
    CVE-2024-44667

    Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Oct. 29, 2024

  • 7.8

    HIGH
    CVE-2022-48948

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), dat... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 29, 2024

  • 5.5

    MEDIUM
    CVE-2022-48949

    In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 29, 2024

  • 7.8

    HIGH
    CVE-2024-43843

    In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image We get the size of the trampoline image during the dry run phase and allocate memory based on that size. The allocate... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Oct. 29, 2024

  • 3.3

    LOW
    CVE-2024-43841

    In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_res... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 291717 Results