Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-8965

    The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products : absolute_reviews
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 8.8

    HIGH
    CVE-2024-28948

    Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.... Read more

    Affected Products : adam-5630_firmware adam-5630
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8991

    The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user sup... Read more

    Affected Products : openstreetmap
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-9359

    A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The... Read more

    Affected Products : restaurant_reservation_system
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-9360

    A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to i... Read more

    Affected Products : restaurant_reservation_system
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9049

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on ... Read more

    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-47182

    Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in ver... Read more

    Affected Products : dozzle
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 8.8

    HIGH
    CVE-2024-7149

    The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, ... Read more

    Affected Products : eventin
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 6.1

    MEDIUM
    CVE-2024-47184

    Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue.... Read more

    Affected Products : ampache
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-9280

    A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads... Read more

    Affected Products : kvf-admin
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 7.8

    HIGH
    CVE-2024-46804

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. [How] Check msg_id valid and valid array index.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-46803

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_tra... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-46810

    In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hot... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-46807

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-4099

    An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2024
    • Modified: Oct. 04, 2024

  • 4.3

    MEDIUM
    CVE-2024-8974

    Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."... Read more

    Affected Products : gitlab
    • Published: Sep. 26, 2024
    • Modified: Oct. 04, 2024

  • 7.8

    HIGH
    CVE-2024-46814

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before us... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 7.2

    HIGH
    CVE-2024-9130

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lac... Read more

    Affected Products : givewp
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 7.8

    HIGH
    CVE-2024-46818

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-46628

    Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 26, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 291209 Results