Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-45137

    InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file w... Read more

    Affected Products : macos windows indesign
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 4.9

    MEDIUM
    CVE-2024-21193

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with netw... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 4.4

    MEDIUM
    CVE-2024-21192

    Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker w... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47424

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in ... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47423

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47422

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47421

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 7.8

    HIGH
    CVE-2024-47425

    Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac... Read more

    Affected Products : windows framemaker
    • Published: Oct. 09, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-47888

    Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Caref... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-41128

    Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dis... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.6

    MEDIUM
    CVE-2024-47887

    Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For a... Read more

    Affected Products : rails
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 5.3

    MEDIUM
    CVE-2024-44762

    A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9240

    The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthen... Read more

    Affected Products : redi_restaurant_reservation
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-9263

    The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the sav... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 8.8

    HIGH
    CVE-2024-9215

    The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via t... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-9347

    The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. ... Read more

    Affected Products : wp_extended
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.1

    MEDIUM
    CVE-2024-8719

    The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.3

    MEDIUM
    CVE-2023-32266

    Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.   This issue affects Applic... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-9863

    The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to re... Read more

    Affected Products : otp_verification_with_firebase
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
Showing 20 of 291419 Results