Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2024-9782

    A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overf... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.0

    HIGH
    CVE-2024-9783

    A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be ... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 8.8

    HIGH
    CVE-2024-47846

    Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.... Read more

    Affected Products : cargo
    • Published: Oct. 05, 2024
    • Modified: Oct. 16, 2024

  • 6.9

    MEDIUM
    CVE-2024-47847

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.... Read more

    Affected Products : mediawiki cargo
    • Published: Oct. 05, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-5749

    Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-48914

    Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of a... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 5.8

    MEDIUM
    CVE-2024-9977

    A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argu... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 5.9

    MEDIUM
    CVE-2024-48913

    Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request ... Read more

    Affected Products : hono
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 5.3

    MEDIUM
    CVE-2024-9979

    A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.... Read more

    Affected Products : pyo3
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 7.0

    HIGH
    CVE-2024-47771

    Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vect... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 3.7

    LOW
    CVE-2024-9506

    Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 8.7

    HIGH
    CVE-2024-47080

    matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was ... Read more

    Affected Products : javascript_sdk
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 5.5

    MEDIUM
    CVE-2024-22034

    Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 8.7

    HIGH
    CVE-2024-6380

    A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-48042

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.... Read more

    Affected Products : contact_form
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.1

    CRITICAL
    CVE-2024-47649

    Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-49257

    Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.9

    CRITICAL
    CVE-2020-36837

    The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset th... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.2

    HIGH
    CVE-2019-25214

    The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perf... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-49218

    Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 291384 Results