Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-9507

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input valida... Read more

    Affected Products : contact_form_builder
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-48813

    SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-39527

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of pro... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-45316

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leadin... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47498

    An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Several configuration statements meant to enfor... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47508

    An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47504

    An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered S... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.2

    HIGH
    CVE-2024-47490

    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consump... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.9

    MEDIUM
    CVE-2024-47507

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream d... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.9

    MEDIUM
    CVE-2024-8530

    CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.... Read more

    Affected Products : data_center_expert
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-47875

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.... Read more

    Affected Products : dompurify
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-47501

    A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Se... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47505

    An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-39534

    An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address o... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.2

    HIGH
    CVE-2024-47494

    A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process d... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.2

    CRITICAL
    CVE-2023-25581

    pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-... Read more

    Affected Products : pac4j
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.9

    MEDIUM
    CVE-2024-4658

    SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0.... Read more

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.5

    MEDIUM
    CVE-2024-7514

    The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authentica... Read more

    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9346

    The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9610

    The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 291274 Results