Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-20398

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of u... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 7.2

    HIGH
    CVE-2024-20483

    Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 8.4

    HIGH
    CVE-2024-20489

    A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database... Read more

    Affected Products : ios_xr
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 8.6

    HIGH
    CVE-2024-8686

    A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.... Read more

    Affected Products : pan-os prisma_access
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 7.8

    HIGH
    CVE-2024-8316

    In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.... Read more

    Affected Products : ui_for_wpf
    • Published: Sep. 25, 2024
    • Modified: Oct. 03, 2024

  • 6.1

    MEDIUM
    CVE-2024-8405

    An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously ... Read more

    Affected Products : papercut_ng papercut_mf
    • Published: Sep. 26, 2024
    • Modified: Oct. 03, 2024

  • 7.5

    HIGH
    CVE-2024-7107

    Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253.... Read more

    Affected Products : cybermath
    • Published: Sep. 26, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-7108

    Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.240816253.... Read more

    Affected Products : cybermath
    • Published: Sep. 26, 2024
    • Modified: Oct. 03, 2024

  • 7.1

    HIGH
    CVE-2024-8687

    An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or... Read more

    Affected Products : pan-os globalprotect prisma_access
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 6.7

    MEDIUM
    CVE-2024-8688

    An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the f... Read more

    Affected Products : pan-os prisma_access
    • Published: Sep. 11, 2024
    • Modified: Oct. 03, 2024

  • 8.8

    HIGH
    CVE-2024-47179

    RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 6... Read more

    Affected Products : rsshub
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 6.5

    MEDIUM
    CVE-2024-20414

    A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is ... Read more

    Affected Products : ios_xe ios
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.1

    CRITICAL
    CVE-2024-8514

    The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authen... Read more

    Affected Products : google_website_translator
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9068

    The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products : oneelements
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9028

    The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products : wp_gpx_maps
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9027

    The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products : wpzoom_shortcodes
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9069

    The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0... Read more

    Affected Products : graphicsly
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.1

    CRITICAL
    CVE-2024-7385

    The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex... Read more

    Affected Products : wordpress_simple_html_sitemap
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 6.4

    MEDIUM
    CVE-2024-9073

    The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it ... Read more

    Affected Products : free_gutenberg_blocks
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 4.3

    MEDIUM
    CVE-2024-8516

    The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and abo... Read more

    Affected Products : themesflat_addons_for_elementor
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
Showing 20 of 291219 Results