Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8456

    Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of ... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 8.8

    HIGH
    CVE-2024-8458

    Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the us... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 7.2

    HIGH
    CVE-2024-8459

    Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.... Read more

    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 7.5

    HIGH
    CVE-2024-42495

    Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data.... Read more

    • Published: Sep. 05, 2024
    • Modified: Oct. 04, 2024

  • 4.6

    MEDIUM
    CVE-2024-39278

    Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data.... Read more

    • Published: Sep. 05, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-9106

    The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenti... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8720

    The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output esc... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9269

    The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-9405

    An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located ... Read more

    Affected Products : pluckcms
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9119

    The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-21531

    All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 7.8

    HIGH
    CVE-2024-47560

    RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it do... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 4.8

    MEDIUM
    CVE-2024-46475

    A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products :
    • Published: Sep. 30, 2024
    • Modified: Oct. 04, 2024

  • 5.6

    MEDIUM
    CVE-2024-44610

    PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.8

    MEDIUM
    CVE-2023-7273

    Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header ... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9118

    The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more

    Affected Products : qs_dark_mode
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9060

    The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev... Read more

    Affected Products : avif_uploader
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.3

    MEDIUM
    CVE-2024-8430

    The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for ... Read more

    Affected Products : spice_starter_sites
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-8288

    The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to,... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 6.4

    MEDIUM
    CVE-2024-9274

    The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
Showing 20 of 291219 Results