Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2024-47354

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 5.1

    MEDIUM
    CVE-2024-6157

    An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below.  This vulnerability arises under specific condition when speciall... Read more

    Affected Products :
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47505

    An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-47875

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.... Read more

    Affected Products : dompurify
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-47501

    A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Se... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.7

    MEDIUM
    CVE-2023-42133

    PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in fir... Read more

    Affected Products : paydroid
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 5.1

    MEDIUM
    CVE-2024-39544

    An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.8

    HIGH
    CVE-2024-48813

    SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47504

    An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered S... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-47508

    An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.2

    HIGH
    CVE-2024-47490

    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consump... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9211

    The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for una... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.2

    HIGH
    CVE-2024-8531

    CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.... Read more

    Affected Products : data_center_expert
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.8

    HIGH
    CVE-2024-45316

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leadin... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 4.3

    MEDIUM
    CVE-2024-9538

    The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-l... Read more

    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9543

    The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products : powerpress
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9221

    The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers t... Read more

    Affected Products : tainacan
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 6.8

    MEDIUM
    CVE-2024-47496

    A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause ... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 8.7

    HIGH
    CVE-2024-47497

    An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker ... Read more

    Affected Products : junos
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 7.1

    HIGH
    CVE-2024-39526

    An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 291384 Results