Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2024-49399

    The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 7.6

    HIGH
    CVE-2024-48043

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 10.0

    CRITICAL
    CVE-2024-49291

    Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 6.5

    MEDIUM
    CVE-2024-43609

    Microsoft Office Spoofing Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 8.4

    HIGH
    CVE-2024-43497

    DeepSpeed Remote Code Execution Vulnerability... Read more

    Affected Products : deepspeed
    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.6

    MEDIUM
    CVE-2024-43480

    Azure Service Fabric for Linux Remote Code Execution Vulnerability... Read more

    Affected Products : linux_kernel azure_service_fabric
    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-48911

    OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri... Read more

    Affected Products : opencanary
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9687

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more

    Affected Products : wp_2fa_with_telegram
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-6757

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more

    Affected Products : website_builder
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43501

    Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 5.3

    MEDIUM
    CVE-2024-30117

    A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more

    Affected Products : bigfix_platform
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-43500

    Windows Resilient File System (ReFS) Information Disclosure Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 7.1

    HIGH
    CVE-2024-43502

    Windows Kernel Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 6.4

    MEDIUM
    CVE-2024-9895

    The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : smart_online_order_for_clover
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-9944

    The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated atta... Read more

    Affected Products : woocommerce
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 6.1

    MEDIUM
    CVE-2024-21535

    Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.... Read more

    Affected Products : markdown-to-jsx
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9971

    The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.... Read more

    Affected Products : flowmaster_bpm_plus
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 8.8

    HIGH
    CVE-2024-9970

    The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.... Read more

    Affected Products : flowmaster_bpm_plus
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 7.8

    HIGH
    CVE-2024-43503

    Microsoft SharePoint Elevation of Privilege Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 7.5

    HIGH
    CVE-2024-43506

    BranchCache Denial of Service Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 291541 Results