Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-51419

    Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 8.4

    HIGH
    CVE-2024-37573

    The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInter... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 5.7

    MEDIUM
    CVE-2024-49501

    Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 7.5

    HIGH
    CVE-2024-50508

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 8.9

    HIGH
    CVE-2024-0105

    NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosu... Read more

    Affected Products : bluefield_1_firmware
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9885

    The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied ... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 4.6

    MEDIUM
    CVE-2024-50344

    I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 6.3

    MEDIUM
    CVE-2024-50347

    Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in ... Read more

    Affected Products : laravel
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-21510

    Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Att... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9884

    The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9886

    The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 8.8

    HIGH
    CVE-2024-21537

    Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the d... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-43933

    Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS.This issue affects WPMobile.App: from n/a through 11.48.... Read more

    Affected Products : wpmobile.app
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 8.1

    HIGH
    CVE-2024-42041

    The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 8.8

    HIGH
    CVE-2024-36060

    EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-9165

    The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escapi... Read more

    Affected Products : gift_vouchers
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 5.4

    MEDIUM
    CVE-2024-7424

    The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for a... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.3

    MEDIUM
    CVE-2024-50512

    Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through 3.10.2.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-10399

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attacke... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 4.8

    MEDIUM
    CVE-2024-30149

    HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 293350 Results