Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-9460

    A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the att... Read more

    Affected Products : online_shopping_portal
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-47618

    Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed... Read more

    Affected Products : sulu
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 7.2

    HIGH
    CVE-2024-20365

    A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system an... Read more

    Affected Products : unified_computing_system
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-47617

    Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scrip... Read more

    Affected Products : sulu
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 5.9

    MEDIUM
    CVE-2024-20385

    A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.  This vulnerability exists because the Cisco NDO ... Read more

    Affected Products : nexus_dashboard_orchestrator
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 7.5

    HIGH
    CVE-2024-8352

    The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attac... Read more

    Affected Products : social_web_suite
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 9.9

    CRITICAL
    CVE-2024-20432

    A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.   This vulnerability is due... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.3

    MEDIUM
    CVE-2024-20438

    A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API end... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-20521

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-20520

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-20519

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.1

    CRITICAL
    CVE-2024-20518

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.8

    MEDIUM
    CVE-2024-20524

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.8

    MEDIUM
    CVE-2024-20523

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.8

    MEDIUM
    CVE-2024-20522

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.8

    MEDIUM
    CVE-2024-20517

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-20441

    A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the af... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.8

    MEDIUM
    CVE-2024-20516

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a de... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2023-26315

    The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.... Read more

    Affected Products : ax9000_firmware ax9000
    • Published: Aug. 26, 2024
    • Modified: Oct. 08, 2024

  • 4.8

    MEDIUM
    CVE-2024-8758

    The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability... Read more

    Affected Products : quiz_and_survey_master
    • Published: Sep. 23, 2024
    • Modified: Oct. 07, 2024
Showing 20 of 291209 Results