Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2024-46846

    In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting r...

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-46843

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba ...

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-46842

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands...

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024
  • 8.8

    HIGH
    CVE-2024-37868

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$_FILES" variable....

    Affected Products : online_discussion_forum
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 8.8

    HIGH
    CVE-2024-37869

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable...

    Affected Products : online_discussion_forum
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-46840

    In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a ...

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-9172

    The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...

    Affected Products : demo_importer_plus
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 5.9

    MEDIUM
    CVE-2024-44439

    An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port....

    Affected Products :
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-9242

    The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficien...

    Affected Products : memberful
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 4.8

    MEDIUM
    CVE-2024-9306

    The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at...

    Affected Products : wp_booking_calendar
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9435

    The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible...

    Affected Products : shiftcontroller
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-9071

    The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping....

    Affected Products : easy_demo_importer
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 4.3

    MEDIUM
    CVE-2024-20434

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag i...

    Affected Products : ios_xe
    • Published: Sep. 25, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-9271

    The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

    Affected Products : re\
    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9345

    The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possib...

    • Published: Oct. 04, 2024
    • Modified: Oct. 08, 2024
  • 6.5

    MEDIUM
    CVE-2022-49037

    Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors....

    Affected Products : drive_client
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024
  • 7.8

    HIGH
    CVE-2022-49038

    Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors....

    Affected Products : drive drive_client
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024
  • 6.7

    MEDIUM
    CVE-2022-49039

    Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors....

    Affected Products : drive drive_client
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024
  • 6.7

    MEDIUM
    CVE-2024-20492

    A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the atta...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 4.4

    MEDIUM
    CVE-2022-49040

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified ve...

    Affected Products : drive_client
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024
Showing 20 of 291222 Results