Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-49619

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0.... Read more

    Affected Products : social_link_groups
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-47634

    Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a thr... Read more

    Affected Products : cartbounty
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49250

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.... Read more

    Affected Products : table_of_contents_plus
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49272

    Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.... Read more

    Affected Products : social_auto_poster
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49274

    Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7.... Read more

    Affected Products : vod_infomaniak
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49275

    Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69.... Read more

    Affected Products : ideapush
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49290

    Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more

    Affected Products : cooked
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49306

    Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9.... Read more

    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-46237

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.... Read more

    Affected Products : hospital_management_system
    • Published: Oct. 09, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49325

    Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.... Read more

    Affected Products : photo_gallery_builder
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49627

    Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.... Read more

    Affected Products : wordpress_image_seo
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49628

    Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18.... Read more

    Affected Products : most_and_least_read_posts_widget
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 6.0

    MEDIUM
    CVE-2024-20461

    A vulnerability in the CLI&nbsp;of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is n... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-10142

    A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 19, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-10133

    A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontI... Read more

    Affected Products : cdg
    • Published: Oct. 19, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-10134

    A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. T... Read more

    Affected Products : cdg
    • Published: Oct. 19, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-10135

    A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection.... Read more

    Affected Products : cdg
    • Published: Oct. 19, 2024
    • Modified: Oct. 22, 2024

  • 7.2

    HIGH
    CVE-2024-20459

    A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlyi... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 8.2

    HIGH
    CVE-2024-20458

    A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulne... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-9537

    ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made availabl... Read more

    Affected Products : sl1
    • Actively Exploited
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 291589 Results