Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2024-42417

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product....

    Affected Products : diaenergie
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9210

    The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticat...

    Affected Products : mailchimp_top_bar
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9222

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9218

    The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the U...

    Affected Products : blockart_blocks magazine_blocks
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 8.8

    HIGH
    CVE-2024-20449

    A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker coul...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 5.5

    MEDIUM
    CVE-2024-20444

    A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected dev...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 8.6

    HIGH
    CVE-2024-20448

    A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the impr...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 8.6

    HIGH
    CVE-2024-20490

    A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists bec...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9344

    The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including,...

    Affected Products : berqwp
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 8.8

    HIGH
    CVE-2024-20393

    A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability ex...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 9.8

    CRITICAL
    CVE-2024-9460

    A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the att...

    Affected Products : online_shopping_portal
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 5.4

    MEDIUM
    CVE-2024-47618

    Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed...

    Affected Products : sulu
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 7.2

    HIGH
    CVE-2024-20365

    A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system an...

    Affected Products : unified_computing_system
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-47617

    Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scrip...

    Affected Products : sulu
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 5.9

    MEDIUM
    CVE-2024-20385

    A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO ...

    Affected Products : nexus_dashboard_orchestrator
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 7.5

    HIGH
    CVE-2024-8352

    The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attac...

    Affected Products : social_web_suite
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024
  • 9.9

    CRITICAL
    CVE-2024-20432

    A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-20438

    A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API end...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 9.1

    CRITICAL
    CVE-2024-20521

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 9.1

    CRITICAL
    CVE-2024-20520

    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerabil...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
Showing 20 of 291219 Results