Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-20459

    A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlyi... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 8.2

    HIGH
    CVE-2024-20458

    A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulne... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-9537

    ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made availabl... Read more

    Affected Products : sl1
    • Actively Exploited
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 7.5

    HIGH
    CVE-2024-10173

    A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack ca... Read more

    Affected Products : ddmq
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49617

    Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0.... Read more

    Affected Products : back_link_tracker
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49618

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through 1.1.1.... Read more

    Affected Products : mytweetlinks
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49615

    Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.... Read more

    Affected Products : safetyforms
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9848

    The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : product_customizer_light
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49616

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nyasro Rate Own Post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through 1.0.... Read more

    Affected Products : rate_own_post
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-49567

    A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts ... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6055

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the E... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-6056

    A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without ... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10055

    The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and o... Read more

    Affected Products : click_to_chat
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 7.3

    HIGH
    CVE-2024-10078

    The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated ... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-10079

    The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated att... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-10080

    The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f... Read more

    Affected Products : wp_easy_post_types
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.6

    HIGH
    CVE-2023-49570

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in t... Read more

    Affected Products : total_security
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9452

    The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w... Read more

    Affected Products : branding
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 4.7

    MEDIUM
    CVE-2024-49859

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atom... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 7.8

    HIGH
    CVE-2024-47676

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 291712 Results