Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2023-7294

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for ... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 6.2

    MEDIUM
    CVE-2024-39440

    In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 t606 t610 t612 t616 t618 t760 t770 t820
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2023-7293

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible ... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2023-7292

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possibl... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 6.2

    MEDIUM
    CVE-2024-39439

    In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 t606 t610 t612 t616 t618 t760 t770 t820
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 8.1

    HIGH
    CVE-2023-7291

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible f... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2023-7290

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible f... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2023-7289

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for ... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2023-7287

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it poss... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 5.4

    MEDIUM
    CVE-2023-7288

    The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible ... Read more

    Affected Products : paytium
    • Published: Oct. 16, 2024
    • Modified: Oct. 17, 2024

  • 6.8

    MEDIUM
    CVE-2024-43543

    Windows Mobile Broadband Driver Remote Code Execution Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-39438

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-39437

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +17 more products
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-43544

    Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.7

    MEDIUM
    CVE-2024-39436

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +17 more products
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-45838

    The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for call... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    HIGH
    CVE-2024-45723

    The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF.... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-45374

    The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 6.5

    MEDIUM
    CVE-2024-43108

    The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use enc... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-41931

    The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations.... Read more

    Affected Products : atak_plugin gotenna
    • Published: Sep. 26, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 291385 Results