Latest CVE Feed
- 5.5 MEDIUM | CVE-2024-46840
  In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a ...
  Affected Products: linux_kernel
  - Published: Sep. 27, 2024
  - Modified: Oct. 08, 2024
- 6.4 MEDIUM | CVE-2024-9172
  The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
  Affected Products: demo_importer_plus
  - Published: Oct. 02, 2024
  - Modified: Oct. 08, 2024
- 5.9 MEDIUM | CVE-2024-44439
  An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port....
  Affected Products:
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 6.4 MEDIUM | CVE-2024-9242
  The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficien...
  Affected Products: memberful
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 4.8 MEDIUM | CVE-2024-9306
  The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at...
  Affected Products: wp_booking_calendar
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 6.1 MEDIUM | CVE-2024-9435
  The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible...
  Affected Products: shiftcontroller
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 6.4 MEDIUM | CVE-2024-9071
  The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping....
  Affected Products: easy_demo_importer
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 4.3 MEDIUM | CVE-2024-20434
  A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag i...
  Affected Products: ios_xe
  - Published: Sep. 25, 2024
  - Modified: Oct. 08, 2024
- 6.4 MEDIUM | CVE-2024-9271
  The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
  Affected Products: re\
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 6.1 MEDIUM | CVE-2024-9345
  The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possib...
  Affected Products: product_delivery_date_for_woocommerce
  - Published: Oct. 04, 2024
  - Modified: Oct. 08, 2024
- 6.5 MEDIUM | CVE-2022-49037
  Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors....
  Affected Products: drive_client
  - Published: Sep. 26, 2024
  - Modified: Oct. 08, 2024
- 7.8 HIGH | CVE-2022-49038
  Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors....
  - Published: Sep. 26, 2024
  - Modified: Oct. 08, 2024
- 6.7 MEDIUM | CVE-2022-49039
  Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors....
  - Published: Sep. 26, 2024
  - Modified: Oct. 08, 2024
- 6.7 MEDIUM | CVE-2024-20492
  A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the atta...
  - Published: Oct. 02, 2024
  - Modified: Oct. 08, 2024
- 4.4 MEDIUM | CVE-2022-49040
  Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified ve...
  Affected Products: drive_client
  - Published: Sep. 26, 2024
  - Modified: Oct. 08, 2024
- 4.4 MEDIUM | CVE-2022-49041
  Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified v...
  Affected Products: drive_client
  - Published: Sep. 26, 2024
  - Modified: Oct. 08, 2024
- 5.4 MEDIUM | CVE-2024-20477
  A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affe...
  - Published: Oct. 02, 2024
  - Modified: Oct. 08, 2024
- 8.6 HIGH | CVE-2024-20491
  A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an interna...
  Affected Products: nexus_dashboard_fabric_controller, nexus_dashboard_orchestrator, nexus_dashboard_insights
  - Published: Oct. 02, 2024
  - Modified: Oct. 08, 2024
- 8.2 HIGH | CVE-2023-52946
  Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors....
  - Published: Sep. 26, 2024
  - Modified: Oct. 08, 2024
- 9.8 CRITICAL | CVE-2024-43699
  Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product....
  Affected Products: diaenergie
  - Published: Oct. 03, 2024
  - Modified: Oct. 08, 2024