Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.0

    HIGH
    CVE-2024-46658

    Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability....

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 07, 2024
  • 6.7

    MEDIUM
    CVE-2024-42027

    The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources....

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024
  • 6.4

    MEDIUM
    CVE-2024-8505

    The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This ...

    Affected Products : ajax_load_more
    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-8799

    The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers...

    Affected Products : custom_banners
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 8.8

    HIGH
    CVE-2024-9018

    The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of suffi...

    Affected Products : wp_easy_gallery
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-9209

    The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated a...

    Affected Products : wp_search_analytics
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-9220

    The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated atta...

    Affected Products : lh_copy_media_file
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 6.5

    MEDIUM
    CVE-2024-9224

    The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to r...

    Affected Products : hello_world
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 5.0

    MEDIUM
    CVE-2024-7319

    An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied....

    Affected Products : openstack_platform heat
    • Published: Aug. 02, 2024
    • Modified: Oct. 07, 2024
  • 7.5

    HIGH
    CVE-2024-47527

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname...

    Affected Products : librenms
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 7.5

    HIGH
    CVE-2024-47525

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerabil...

    Affected Products : librenms
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 7.5

    HIGH
    CVE-2024-47523

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which ...

    Affected Products : librenms
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-9228

    The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthe...

    Affected Products : loggedin
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-9241

    The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated at...

    Affected Products : pdf_image_generator
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-47608

    Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2....

    Affected Products : logicytics
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-9265

    The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_p...

    Affected Products : echo_rss_feed_post_generator
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-9289

    The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity p...

    Affected Products : affiliate_pro
    • Published: Oct. 01, 2024
    • Modified: Oct. 07, 2024
  • 7.4

    HIGH
    CVE-2024-20406

    A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected devic...

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 07, 2024
  • 5.3

    MEDIUM
    CVE-2024-20390

    A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation ...

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 07, 2024
  • 6.9

    MEDIUM
    CVE-2024-47764

    cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alte...

    Affected Products : cookie
    • Published: Oct. 04, 2024
    • Modified: Oct. 07, 2024