Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-49669

    Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 7.7

    HIGH
    CVE-2024-49657

    Missing Authorization vulnerability in ReneeCussack 3D Work In Progress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D Work In Progress: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.0

    MEDIUM
    CVE-2024-20370

    A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrativ... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 8.6

    HIGH
    CVE-2024-20260

    A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticate... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 9.9

    CRITICAL
    CVE-2024-49671

    Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Ima... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 7.2

    HIGH
    CVE-2024-49684

    Deserialization of Untrusted Data vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 10.0

    CRITICAL
    CVE-2024-49668

    Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 7.5

    HIGH
    CVE-2024-49690

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qi Blocks.This issue affects Qi Blocks: from n/a through 1.3.2.... Read more

    Affected Products : qi_blocks
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-10332

    A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/m... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 4.6

    MEDIUM
    CVE-2024-49762

    Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a `DELETE` request with their current password in a query parameter will be sent. While query parameters are encrypted when usi... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.1

    HIGH
    CVE-2024-10327

    A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user lo... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.4

    HIGH
    CVE-2024-48545

    Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-9650

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : wp_recipe_maker
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.8

    HIGH
    CVE-2024-9598

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible... Read more

    Affected Products : accelerated_mobile_pages
    • Published: Oct. 25, 2024
    • Modified: Oct. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-10016

    The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for auth... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-49683

    Missing Authorization vulnerability in Schema & Structured Data for WP & AMP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.9

    MEDIUM
    CVE-2024-9692

    VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.4

    HIGH
    CVE-2024-48544

    Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.8

    HIGH
    CVE-2024-40431

    A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as ... Read more

    Affected Products :
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 5.8

    MEDIUM
    CVE-2024-9949

    Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.... Read more

    Affected Products : secureconnector
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024
Showing 20 of 291780 Results