Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2024-6654

    Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.... Read more

    Affected Products : cyber_security
    • Published: Sep. 27, 2024
    • Modified: Oct. 09, 2024

  • 5.3

    MEDIUM
    CVE-2024-8520

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or inco... Read more

    Affected Products : ultimate_member
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-8802

    The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to... Read more

    Affected Products : clio_grow
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-20381

    A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an auth... Read more

    • Published: Sep. 11, 2024
    • Modified: Oct. 08, 2024

  • 8.6

    HIGH
    CVE-2024-20436

    A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is ... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-4278

    An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certai... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024

  • 6.6

    MEDIUM
    CVE-2024-45933

    OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-8254

    The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software a... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-8800

    The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping o... Read more

    Affected Products : rabbitloader
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9353

    The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for una... Read more

    Affected Products : popularis_extra
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.4

    MEDIUM
    CVE-2024-8967

    The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : pwa
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-9574

    SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-9573

    SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-9572

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an au... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-9571

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to a... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9565

    A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflo... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9564

    A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is po... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9563

    A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer over... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9562

    A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotel... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9561

    A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the att... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024
Showing 20 of 291209 Results