Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-45066

    A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands....

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024
  • 8.8

    HIGH
    CVE-2024-45373

    Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator....

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024
  • 9.1

    CRITICAL
    CVE-2024-6592

    Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass. This issue a...

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024
  • 5.5

    MEDIUM
    CVE-2024-46856

    In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices The probe() function is only used for DP83822 and DP83826 PHY, leaving the private data pointer uninitialized for the ...

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 8.8

    HIGH
    CVE-2024-8890

    An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure ...

    Affected Products : q-smt_firmware q-smt
    • Published: Sep. 18, 2024
    • Modified: Oct. 01, 2024
  • 9.8

    CRITICAL
    CVE-2024-43423

    The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed....

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024
  • 7.8

    HIGH
    CVE-2024-43405

    Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly ...

    Affected Products : nuclei
    • Published: Sep. 04, 2024
    • Modified: Oct. 01, 2024
  • 8.8

    HIGH
    CVE-2024-43402

    Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch fi...

    Affected Products : rust
    • Published: Sep. 04, 2024
    • Modified: Oct. 01, 2024
  • 6.4

    MEDIUM
    CVE-2024-9023

    The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes....

    Affected Products : wp-webauthn
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
  • 6.1

    MEDIUM
    CVE-2024-8715

    The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated atta...

    Affected Products : simple_ldap_login
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
  • 6.4

    MEDIUM
    CVE-2024-8547

    The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. ...

    Affected Products : simple_popup_plugin
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
  • 10.0

    CRITICAL
    CVE-2024-8353

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address...

    Affected Products : givewp
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
  • 7.5

    HIGH
    CVE-2024-9136

    Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 7.5

    HIGH
    CVE-2024-47294

    Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability....

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 7.5

    HIGH
    CVE-2024-47293

    Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability....

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 6.2

    MEDIUM
    CVE-2024-47292

    Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 5.6

    MEDIUM
    CVE-2024-47291

    Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability....

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 5.5

    MEDIUM
    CVE-2024-47290

    Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability....

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024
  • 5.5

    MEDIUM
    CVE-2024-8633

    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This mak...

    Affected Products : form_maker
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024
  • 6.8

    MEDIUM
    CVE-2024-8725

    Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possib...

    Affected Products : advanced_file_manager
    • Published: Sep. 26, 2024
    • Modified: Oct. 01, 2024
Showing 20 of 291160 Results