Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2024-8713

    The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated atta...

    Affected Products : kodex_posts_likes
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 9.1

    CRITICAL
    CVE-2024-46488

    sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file....

    Affected Products : sqlite-vec
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-7781

    The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in ...

    Affected Products : jupiter_x_core jupiterx
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-8485

    The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines w...

    Affected Products : rest_api_to_miniprogram
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-7772

    The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload...

    Affected Products : jupiter_x_core jupiterx
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 9.9

    CRITICAL
    CVE-2024-8621

    The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of ...

    Affected Products : daily_prayer_time
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 6.1

    MEDIUM
    CVE-2024-8549

    The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible f...

    Affected Products : simple_calendar
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 7.2

    HIGH
    CVE-2024-7617

    The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

    Affected Products : contact_form_to_any_api
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 6.1

    MEDIUM
    CVE-2024-46655

    A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL....

    Affected Products : ellevo
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 5.3

    MEDIUM
    CVE-2023-52950

    Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors....

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 5.5

    MEDIUM
    CVE-2023-52949

    Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors....

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 5.0

    MEDIUM
    CVE-2023-52948

    Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors....

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 4.0

    MEDIUM
    CVE-2023-52947

    Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to log out the client via unspecified vectors. The backup functionality will continue to op...

    Affected Products : active_backup_for_business_agent
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 5.8

    MEDIUM
    CVE-2021-22518

    A vulnerability identified in OpenText™ Identity Manager AzureAD Driver allows logging of sensitive information into the log file. This impacts all versions before 5.1.4.0...

    Affected Products : identity_manager_azuread_driver
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
  • 7.5

    HIGH
    CVE-2022-26322

    A possible Insertion of Sensitive Information into Log File vulnerability has been discovered in OpenText™ Identity Manager REST Driver. This impacts versions before 1.1.2.0200....

    Affected Products : identity_manager_rest_driver
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-45823

    An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate ad...

    Affected Products : factorytalk_batch_view
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
  • 9.0

    CRITICAL
    CVE-2024-0132

    NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use case...

    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 4.1

    MEDIUM
    CVE-2024-0133

    NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful...

    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 8.7

    HIGH
    CVE-2024-45825

    A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service....

    Affected Products : 5015-u8ihft_firmware 5015-u8ihft
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
  • 8.8

    HIGH
    CVE-2024-45826

    Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file....

    Affected Products : thinmanager
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
Showing 20 of 291138 Results