Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-48143

    A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 7.5

    HIGH
    CVE-2024-48142

    A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 7.8

    HIGH
    CVE-2022-48981

    In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove errant put in error path drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM object getting prematurely freed leading to a later use-after-fre... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 25, 2024

  • 8.1

    HIGH
    CVE-2024-43573

    Windows MSHTML Platform Spoofing Vulnerability... Read more

    • Actively Exploited
    • Published: Oct. 08, 2024
    • Modified: Oct. 25, 2024

  • 7.8

    HIGH
    CVE-2024-43572

    Microsoft Management Console Remote Code Execution Vulnerability... Read more

    • Actively Exploited
    • Published: Oct. 08, 2024
    • Modified: Oct. 25, 2024

  • 5.5

    MEDIUM
    CVE-2022-48982

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: [ 71.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 25, 2024

  • 8.1

    HIGH
    CVE-2024-10229

    Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 8.8

    HIGH
    CVE-2024-10231

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-40493

    Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_p... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-44812

    SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.... Read more

    Affected Products : online_complaint_site
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-9947

    The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauth... Read more

    Affected Products : profilepress
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 4.8

    MEDIUM
    CVE-2024-48652

    Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.... Read more

    Affected Products : camaleon_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-8500

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes ... Read more

    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-10250

    The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack... Read more

    Affected Products : nioland
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 6.2

    MEDIUM
    CVE-2024-48540

    Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-9829

    The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This ma... Read more

    Affected Products : download_plugin
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 7.2

    HIGH
    CVE-2024-30158

    A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Oct. 25, 2024

  • 7.2

    HIGH
    CVE-2024-9927

    The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possi... Read more

    Affected Products : woocommerce_order_proposal
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-9583

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, an... Read more

    Affected Products : rss_aggregator
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 4.2

    MEDIUM
    CVE-2024-48926

    Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a ses... Read more

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
Showing 20 of 291902 Results