Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2024-9533

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack ma... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 05, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9534

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is p... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 05, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9535

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to ... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 05, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9550

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible ... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9551

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflo... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9552

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. ... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9553

    A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to ... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9566

    A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can... Read more

    Affected Products : dir-619l_firmware
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9567

    A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attac... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024

  • 9.0

    HIGH
    CVE-2024-9570

    A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The att... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Oct. 07, 2024
    • Modified: Oct. 09, 2024

  • 6.8

    MEDIUM
    CVE-2024-6654

    Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.... Read more

    Affected Products : cyber_security
    • Published: Sep. 27, 2024
    • Modified: Oct. 09, 2024

  • 5.3

    MEDIUM
    CVE-2024-8520

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or inco... Read more

    Affected Products : ultimate_member
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-8802

    The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to... Read more

    Affected Products : clio_grow
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-20381

    A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an auth... Read more

    • Published: Sep. 11, 2024
    • Modified: Oct. 08, 2024

  • 8.6

    HIGH
    CVE-2024-20436

    A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is ... Read more

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-4278

    An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certai... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024

  • 6.6

    MEDIUM
    CVE-2024-45933

    OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-8254

    The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software a... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-8800

    The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping o... Read more

    Affected Products : rabbitloader
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9353

    The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for una... Read more

    Affected Products : popularis_extra
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
Showing 20 of 291219 Results