Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-9892

    The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : add_widget_after_content
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47743

    In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but then h... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47744

    In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and SRCU ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-10199

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of ... Read more

    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.1

    MEDIUM
    CVE-2024-10198

    A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipula... Read more

    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.9

    MEDIUM
    CVE-2024-43300

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bert Kößler Movie Database allows Stored XSS.This issue affects Movie Database: from n/a through 1.0.11.... Read more

    Affected Products : movie_database
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49614

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.... Read more

    Affected Products : sermonaudio_widgets
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49613

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0.... Read more

    Affected Products : simple_code_insert_shortcode
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 6.3

    MEDIUM
    CVE-2024-47240

    Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and ... Read more

    Affected Products : secure_connect_gateway
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-9206

    The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unau... Read more

    Affected Products : mas_companies_for_wp_job_manager
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 4.3

    MEDIUM
    CVE-2024-9364

    The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attac... Read more

    Affected Products : sendgrid
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9703

    The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products : arconix_shortcodes
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9366

    The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products : easy_menu_manager
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-10192

    A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. ... Read more

    Affected Products : ifsc_code_finder
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9373

    The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,... Read more

    Affected Products : elemenda
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47681

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 drive... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-47677

    In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table() If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_u... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 7.3

    HIGH
    CVE-2024-7890

    Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows... Read more

    Affected Products : workspace workspace_app
    • Published: Sep. 11, 2024
    • Modified: Oct. 22, 2024

  • 7.3

    HIGH
    CVE-2024-7889

    Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows... Read more

    Affected Products : workspace workspace_app
    • Published: Sep. 11, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-10154

    A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid le... Read more

    Affected Products : boat_booking_system
    • Published: Oct. 19, 2024
    • Modified: Oct. 22, 2024
Showing 20 of 291741 Results