Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-8967

    The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : pwa
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-9574

    SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-9573

    SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-9572

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an au... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-9571

    Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to a... Read more

    Affected Products : soplanning
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9565

    A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflo... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9564

    A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is po... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9563

    A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer over... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 07, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9562

    A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotel... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9561

    A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the att... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9559

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to l... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9557

    A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The ... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9556

    A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is p... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9558

    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be i... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 9.0

    HIGH
    CVE-2024-9555

    A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer o... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Oct. 06, 2024
    • Modified: Oct. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-46846

    In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting r... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-46843

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-46842

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-37868

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.... Read more

    Affected Products : online_discussion_forum
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-37869

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable... Read more

    Affected Products : online_discussion_forum
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
Showing 20 of 291219 Results