Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-51792

    Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51571

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MasterBip MasterBip para Elementor allows DOM-Based XSS.This issue affects MasterBip para Elementor: from n/a through 1.6.3.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 6.4

    MEDIUM
    CVE-2024-10179

    The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on u... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 6.1

    MEDIUM
    CVE-2024-9357

    The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51575

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Extender All In One For Elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.1

    CRITICAL
    CVE-2024-51747

    Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `... Read more

    Affected Products : kanboard
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51573

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matthew Lillistone ML Responsive Audio player with playlist Shortcode allows Stored XSS.This issue affects ML Responsive Audio player with playlis... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 3.5

    LOW
    CVE-2024-47799

    Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information o... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 8.1

    HIGH
    CVE-2024-47295

    Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the inf... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Nov. 11, 2024

  • 8.9

    HIGH
    CVE-2024-7059

    A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.... Read more

    Affected Products : security_center
    • Published: Nov. 05, 2024
    • Modified: Nov. 09, 2024

  • 7.8

    HIGH
    CVE-2024-43601

    Visual Studio Code for Linux Remote Code Execution Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2024-44021

    Missing Authorization vulnerability in Truepush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Truepush: from n/a through 1.0.8.... Read more

    Affected Products : truepush
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-50109

    In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run... Read more

    Affected Products : linux_kernel
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 6.5

    MEDIUM
    CVE-2024-6762

    Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.... Read more

    Affected Products : jetty
    • Published: Oct. 14, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-50108

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and ke... Read more

    Affected Products : linux_kernel
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2024-50107

    In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve iounmap() address range checks") introduces a WARN when adrre... Read more

    Affected Products : linux_kernel
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2024-44031

    Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3.... Read more

    Affected Products : joomsport
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-44038

    Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.... Read more

    Affected Products : sunshine_photo_cart
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 8.8

    HIGH
    CVE-2024-44052

    Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10.... Read more

    Affected Products : helloasso
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 7.5

    HIGH
    CVE-2024-10028

    The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process... Read more

    Affected Products : everest_backup
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
Showing 20 of 294454 Results