Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-8536

    The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored... Read more

    Affected Products : ultimate_blocks
    • Published: Sep. 30, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23923

    Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploi... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23935

    Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ab... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.8

    MEDIUM
    CVE-2024-23961

    Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.8

    MEDIUM
    CVE-2024-23924

    Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not requir... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 4.6

    MEDIUM
    CVE-2024-23960

    Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required ... Read more

    Affected Products : ilx-f509_firmware ilx-f509
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44968

    In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptib... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 7.4

    HIGH
    CVE-2024-20317

    A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 6.4

    MEDIUM
    CVE-2024-20475

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vu... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23958

    Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charg... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23959

    Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger A... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44969

    In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23957

    Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Eli... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 8.0

    HIGH
    CVE-2024-23967

    Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharge... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 4.3

    MEDIUM
    CVE-2024-8910

    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authe... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-23938

    Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not... Read more

    Affected Products : gecko_os
    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.3

    MEDIUM
    CVE-2024-9189

    The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-8788

    The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. This makes it possible for un... Read more

    • Published: Sep. 28, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-44972

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG] For subpage + zoned case, the following workload can lead to rsv data leak at unmount time: # mkfs.btrfs -f -s... Read more

    Affected Products : linux_kernel
    • Published: Sep. 04, 2024
    • Modified: Oct. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-46861

    In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g. bad NCM framing) * Lack of me... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 03, 2024
Showing 20 of 291196 Results