Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2022-49041

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified v... Read more

    Affected Products : drive_client
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-20477

    A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affe... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.6

    HIGH
    CVE-2024-20491

    A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an interna... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.2

    HIGH
    CVE-2023-52946

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.... Read more

    Affected Products : drive drive_client
    • Published: Sep. 26, 2024
    • Modified: Oct. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-43699

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.... Read more

    Affected Products : diaenergie
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-42417

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.... Read more

    Affected Products : diaenergie
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9210

    The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticat... Read more

    Affected Products : mailchimp_top_bar
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9222

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9218

    The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the U... Read more

    Affected Products : blockart_blocks magazine_blocks
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-20449

    A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker coul... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-20444

    A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected dev... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.6

    HIGH
    CVE-2024-20448

    A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the impr... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.6

    HIGH
    CVE-2024-20490

    A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists bec... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-9344

    The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including,... Read more

    Affected Products : berqwp
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 8.8

    HIGH
    CVE-2024-20393

    A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability ex... Read more

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-9460

    A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the att... Read more

    Affected Products : online_shopping_portal
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 5.4

    MEDIUM
    CVE-2024-47618

    Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed... Read more

    Affected Products : sulu
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 7.2

    HIGH
    CVE-2024-20365

    A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system an... Read more

    Affected Products : unified_computing_system
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-47617

    Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scrip... Read more

    Affected Products : sulu
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 5.9

    MEDIUM
    CVE-2024-20385

    A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.  This vulnerability exists because the Cisco NDO ... Read more

    Affected Products : nexus_dashboard_orchestrator
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
Showing 20 of 291222 Results